OAuth 2.0 Simplified is a guide to building an OAuth 2.0 server. Through high-level overviews, step-by-step instructions, and real-world examples, you will learn how to take advantage of the OAuth 2.0 framework while building a secure API.
You can buy the paperback book on Lulu.com or Amazon now! Also available as an ePub or PDF.
My video course The Nuts and Bolts of OAuth 2.0 is now available on Udemy! With over 3.5 hours of video content, interactive exercises, and access to a web-based tool guiding you through the exercises giving you feedback along the way, you can join over 1500 other students who have already taken this course!
OAuth Cheat Sheet
I published a cheat sheet "OAuth Patterns and Anti-Patterns" available for free!
The "OAuth Patterns and Anti-Patterns" Refcard covers a range of topics including:
- Clear and concise definitions of common OAuth terminology
- Tips for securing tokens in browser-based apps
- How PKCE is a more OAuth secure flow
- The difference between access tokens and ID tokens
- Access token validation tips and techniques
I contribute to the OAuth specs, and co-authored OAuth 2.0 for Browser-Based Apps and OAuth 2.1.
I also maintain oauth.net
OAuth: When Things Go Wrong
Presented at the O'Reilly Software Architecture Conference
At this year’s beyond tellerrand Düsseldorf IndieWebCamp co-founder and OAuth consultant Aaron Parecki gave a talk about OAuth, why we need it, and how we can use it to simplify authentication and authorization in web applications:
Aaron Parecki – Why Do We Really Need OAuth Anyway? – beyond tellerrand Düseldorf 2021 from beyond tellerrand on Vimeo.
Aaron also provides a guide to building an OAuth 2.0 server and a video course titled “The Nuts and Bolts of OAuth 2.0”.December 5, 2021 by Bjoern in Enterprise Software, Software, Web Applications