Chapter 4. Building a simple OAuth protected resource

This chapter covers

  • Parsing an incoming HTTP request for OAuth tokens
  • Responding to token errors
  • Serving requests differently based on scopes
  • Serving requests differently based on the resource owner

Now that we’ve got a working OAuth client, it’s time to create a protected resource for the client to call with those access tokens. In this chapter, we’ll be building a simple resource server that our client can call and our authorization server can protect. We’ll be giving you a fully functional client and authorization server for each exercise, all designed to work together.

Note

All of the exercises and examples in this book are built using Node.js and JavaScript. Each exercise ...

Get OAuth 2 in Action now with the O’Reilly learning platform.
