
What this book covers

Chapter 1, OAuth 2.0 Foundations, covers the basics of OAuth 2.0 through simple recipes that allow the reader to interact with public OAuth 2.0-protected APIs such as Facebook, LinkedIn, and Google.

Chapter 2, Implement Your Own OAuth 2.0 Provider, describes the way you can implement your own OAuth 2.0 Provider, presenting recipes that help with Authorization Server and Resource Server configurations considering different OAuth 2.0 grant types. It also presents how to effectively work with refresh tokens, using different databases to store access tokens.

Chapter 3, Using OAuth 2.0 Protected APIs, presents recipes that help to create OAuth 2.0 client applications that are able to interact with all grant types described in the OAuth 2.0 specification. It also presents how to manage refresh tokens on the client side.

Chapter 4, OAuth 2.0 Profiles, explains some OAuth 2.0 profiles and how to implement them using Spring Security OAuth2. These profiles are specified to help with specific scenarios that aren't covered by OAuth 2.0 specifications, such as token revocation and token introspection to allow remote validation. This chapter also provides some recommendations, such as how and when to use cache when using remote validation.

Chapter 5, Self Contained Tokens with JWT, focuses on the usage of JWT as OAuth 2.0 access tokens and how to implement the main extensions for JWT, such as JWS and JWE, providing signature and encryption to protect the content conveyed by a JWT access token. This chapter also presents a nice approach to increase the security of your application by using proof-of-possession semantics on OAuth 2.0.

Chapter 6, OpenID Connect for Authentication, explains the difference between authorization and authentication, and how OAuth 2.0 can help to build an authentication protocol. To illustrate the usage of OpenID Connect, all the recipes presented in this chapter are aimed at client applications instead of building an OpenID Connect Provider.

Chapter 7, Implementing Mobile Clients, covers how to implement OAuth 2.0 native mobile clients using Android as the platform chosen for the recipes. This chapter presents some guidelines specified by the recently published specification named OAuth 2.0 for native apps.

Chapter 8, Avoiding Common Vulnerabilities, covers ways to better protect the main components considered within an OAuth 2.0 ecosystem.
