Chapter 2. OAuth 2.0 Distilled

In this chapter we explain the main design principles behind OAuth 2.0. Remember that we use OAuth and OAuth 2.0 interchangeably: we always refer to the OAuth 2.0 authorization framework, originally published as RFC 6749. We give an overview of how applications obtain, refresh and revoke access tokens, the unforgeable credentials that a client presents in its API messages. These tokens are the key to accessing protected data in APIs.

It can be hard to get started with OAuth because there is a lot to digest. Hence, if you are new to OAuth, read on to learn the most important basics. Feel free to skip this chapter if you are familiar with the framework. We provide practical guides in other chapters that show you how to work with OAuth in your APIs and in frontend applications.

The core of OAuth’s design is a mechanism for obtaining the access token. ...
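As an added example (not code from the book or from any particular OAuth library), here is the token lifecycle described at the start of this chapter, obtain, refresh and revoke, written as pure functions that build the HTTP messages a client sends and validate the token endpoint's reply, so it runs offline. The endpoint URLs, client ID, redirect URI and sample token values are assumed, not taken from the chapter; the code challenge follows RFC 7636 (PKCE), which the chapter itself does not mention but which every modern authorization code flow uses.

```python
"""OAuth 2.0 client side of the token lifecycle: get, refresh, revoke.

Added example with assumed endpoints and identifiers; it builds the requests
and parses a constructed response, it does not talk to a real server.
"""
import base64
import hashlib
import json
import secrets
from urllib.parse import urlencode

# Assumed authorization server and client settings (hypothetical values).
AUTHORIZATION_ENDPOINT = "https://as.example.com/oauth/authorize"
TOKEN_ENDPOINT = "https://as.example.com/oauth/token"
REVOCATION_ENDPOINT = "https://as.example.com/oauth/revoke"
CLIENT_ID = "example-client"
FORM = {"Content-Type": "application/x-www-form-urlencoded"}

# Constructed token endpoint response (values borrowed from the RFC 6749 examples).
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "2YotnFZFEjr1zCsicMWpAA",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
    "scope": "read",
})


def new_code_verifier() -> str:
    """Random 43-character PKCE verifier; the client keeps it until the code comes back."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def pkce_challenge(code_verifier: str) -> str:
    """S256 challenge from RFC 7636: BASE64URL(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorization_url(redirect_uri: str, scope: str, state: str, code_verifier: str) -> str:
    """Step 1 of getting a token: send the user to the authorization endpoint."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,  # bound to the user's session; checked on the redirect back
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZATION_ENDPOINT}?{query}"


def get_token_request(code: str, redirect_uri: str, code_verifier: str) -> dict:
    """Step 2: exchange the one-time authorization code for tokens (RFC 6749 section 4.1.3)."""
    return {"url": TOKEN_ENDPOINT, "headers": FORM, "body": urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,   # must equal the one used in the authorization request
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,  # proves the same client started the flow
    })}


def refresh_token_request(refresh_token: str) -> dict:
    """Get a new access token without involving the user again (RFC 6749 section 6)."""
    return {"url": TOKEN_ENDPOINT, "headers": FORM, "body": urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": CLIENT_ID,
    })}


def revoke_token_request(token: str, hint: str = "refresh_token") -> dict:
    """Invalidate a token at logout or after suspected compromise (RFC 7009)."""
    return {"url": REVOCATION_ENDPOINT, "headers": FORM, "body": urlencode({
        "token": token,
        "token_type_hint": hint,
        "client_id": CLIENT_ID,
    })}


def parse_token_response(status: int, body: str, now: int) -> dict:
    """Validate the token endpoint reply and turn expires_in into an absolute time."""
    data = json.loads(body)
    if status != 200 or "error" in data:
        # RFC 6749 error responses carry an "error" code with HTTP 400.
        raise PermissionError(f"token request rejected: {data.get('error', status)}")
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unsupported token_type: {data.get('token_type')!r}")
    expires_at = now + int(data["expires_in"]) if "expires_in" in data else None
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),
        "scope": set(data.get("scope", "").split()),
        "expires_at": expires_at,
    }


def needs_refresh(tokens: dict, now: int, skew: int = 30) -> bool:
    """Refresh shortly before expiry so an in-flight API call does not get a 401."""
    return tokens["expires_at"] is not None and now + skew >= tokens["expires_at"]


if __name__ == "__main__":
    verifier = new_code_verifier()
    print(authorization_url("https://client.example.org/cb", "read", "xyz", verifier))
    print(get_token_request("SplxlOBeZQQYbYS6WxSbIA", "https://client.example.org/cb", verifier)["body"])
    tokens = parse_token_response(200, SAMPLE_TOKEN_RESPONSE, now=1_000_000)
    print(tokens, needs_refresh(tokens, now=1_003_590))
    print(refresh_token_request(tokens["refresh_token"])["body"])
    print(revoke_token_request(tokens["refresh_token"])["body"])
```

The three requests differ only in their form fields, which is the point: the token endpoint is the single place where credentials are minted and renewed, and revocation is a separate endpoint that accepts either token type. A confidential client would additionally authenticate to both endpoints (for example with an Authorization header), which this example leaves out.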
