P. SiriwardenaAdvanced API Securityhttps://doi.org/10.1007/978-1-4842-2050-4_22

OAuth 2.0 MAC Token Profile

Prabath Siriwardena¹

(1)

San Jose, CA, USA

The OAuth 2.0 core specification doesn’t mandate any specific token type. It’s one of the extension points introduced in OAuth 2.0. Almost all public implementations use the OAuth 2.0 Bearer Token Profile. This came up with the OAuth 2.0 core specification, but as an independent profile, documented under RFC 6750. Eran Hammer, who was the lead editor of the OAuth 2.0 specification by that time, introduced the Message Authentication Code (MAC) Token Profile for OAuth 2.0. (Hammer also led the OAuth 1.0 specification.) Since its introduction to the OAuth 2.0 IETF working group ...

Get Advanced API Security: OAuth 2.0 and Beyond now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Advanced API Security: OAuth 2.0 and Beyond by Prabath Siriwardena

OAuth 2.0 MAC Token Profile

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly