OAuth 2.0 Simplified is a guide to building an OAuth 2.0 server. Through high-level overviews, step-by-step instructions, and real-world examples, you will learn how to take advantage of the OAuth 2.0 framework while building a secure API.
My video course The Nuts and Bolts of OAuth 2.0 is now available on Udemy! With over 3.5 hours of video content, interactive exercises, and access to a web-based tool that guides you through the exercises and gives you feedback along the way, you can join over 1500 other students who have already taken this course!
OAuth Cheat Sheet
I published a cheat sheet "OAuth Patterns and Anti-Patterns" available for free!
The "OAuth Patterns and Anti-Patterns" Refcard covers a range of topics including:
- Clear and concise definitions of common OAuth terminology
- Tips for securing tokens in browser-based apps
- How PKCE is a more secure OAuth flow
- The difference between access tokens and ID tokens
- Access token validation tips and techniques
I also maintain oauth.net
OAuth: When Things Go Wrong
Presented at the O'Reilly Software Architecture Conference