Most OAuth 2.0 deployments rely on bearer tokens. A bearer token is like “cash.” If I steal 10 bucks from you, I can use it at a Starbucks to buy a cup of coffee—no questions asked. I do not need to prove that I own the ten-dollar note. Unlike cash, if I use my credit card, I need to prove possession. I need to prove I own it. I need to sign to authorize the transaction, and the signature is validated against the one on the card. Bearer tokens are like cash—once stolen, an attacker can use them to impersonate the original owner. Credit cards are like proof of ...
© Prabath Siriwardena 2020
P. Siriwardena, Advanced API Security, https://doi.org/10.1007/978-1-4842-2050-4_11
11. OAuth 2.0 Token Binding
Prabath Siriwardena (San Jose, CA, USA)
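The cash-versus-credit-card analogy above is the whole point of sender-constrained tokens: a resource server that only checks for the presence of a valid token lets anyone who captured it in, whereas a proof-of-possession check also demands a signature with a key bound to the token. The toy resource server below, an added illustration rather than code from the book, contrasts the two checks. The token value, the client key, the `TOKEN_KEY_BINDING` table and the HMAC-over-nonce proof scheme are all constructed for the demo and are not the binding mechanism the chapter goes on to describe.

```python
"""
Added illustration (not the book's code): a bearer token vs. a
proof-of-possession (sender-constrained) token, checked by a toy
resource server. Token format, key names and the HMAC-based proof
scheme are assumptions for the demo, not a specification.
"""
import hashlib
import hmac
import secrets

# Constructed sample data: a token issued to the legitimate client, and the
# secret key that client proved possession of when the token was issued.
TOKEN = "at-7f3c9e"
CLIENT_KEY = b"constructed-client-secret-key"

# The resource server's view: which tokens are valid, and (for PoP tokens)
# which key each token is bound to.
VALID_TOKENS = {TOKEN}
TOKEN_KEY_BINDING = {TOKEN: CLIENT_KEY}


def accept_bearer(token: str) -> bool:
    """Bearer check: whoever presents a valid token gets in ("cash")."""
    return token in VALID_TOKENS


def sign_request(key: bytes, token: str, nonce: str) -> str:
    """Client side of PoP: sign the token and a server-issued nonce with the bound key."""
    msg = f"{token}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def accept_pop(token: str, nonce: str, signature: str) -> bool:
    """PoP check: the token must be valid AND the presenter must prove
    possession of the key it is bound to ("credit card")."""
    key = TOKEN_KEY_BINDING.get(token)
    if key is None:
        return False
    expected = sign_request(key, token, nonce)
    # Constant-time comparison so the check itself leaks nothing about the MAC.
    return hmac.compare_digest(expected, signature)


def demo() -> dict:
    """Run both checks against the legitimate client and against a party
    that captured only the token (constructed scenario)."""
    nonce = secrets.token_hex(8)
    legit_sig = sign_request(CLIENT_KEY, TOKEN, nonce)
    # Someone holding just the token has no bound key; signing with any other
    # key produces a MAC the server will reject.
    other_sig = sign_request(b"some-other-key", TOKEN, nonce)
    return {
        "bearer_legit": accept_bearer(TOKEN),
        "bearer_stolen": accept_bearer(TOKEN),           # token alone is enough
        "pop_legit": accept_pop(TOKEN, nonce, legit_sig),
        "pop_stolen": accept_pop(TOKEN, nonce, other_sig),
        # A captured valid signature does not carry over to a fresh nonce.
        "pop_replayed_sig": accept_pop(TOKEN, "fresh-nonce", legit_sig),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {'accepted' if outcome else 'rejected'}")
```

The `bearer_*` results are identical because the server cannot tell the original holder from anyone else presenting the same string; the `pop_*` results differ because the server verifies possession of the bound key on every request, and the nonce keeps a captured proof from being reused.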