SummaryOAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.About the TechnologyThink of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.About the BookOAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.What's Inside\nCovers OAuth 2 protocol and design\nAuthorization with OAuth 2\nOpenID Connect and User-Managed Access\nImplementation risks\nJOSE, introspection, revocation, and registration\nProtecting and accessing REST APIs\n\nAbout the ReaderReaders need basic programming skills and knowledge of HTTP and JSON.About the AuthorJustin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.Table of ContentsPart 1 - First stepsWhat is OAuth 2.0 and why should you care?\nThe OAuth dance Part 2 - Building an OAuth 2 environmentBuilding a simple OAuth client \nBuilding a simple OAuth protected resource \nBuilding a simple OAuth authorization server \nOAuth 2.0 in the real world Part 3 - OAuth 2 implementation and vulnerabilitiesCommon client vulnerabilities \nCommon protected resources vulnerabilities \nCommon authorization server vulnerabilities \nCommon OAuth token vulnerabilities Part 4 - Taking OAuth furtherOAuth tokens \nDynamic client registration \nUser authentication with OAuth 2.0 \nProtocols and profiles using OAuth 2.0 \nBeyond bearer tokens \nSummary and conclusions \n