7 OAuth2 and OpenID Connect

This chapter covers

  • Enabling third-party access to your API with scoped tokens
  • Integrating an OAuth2 Authorization Server for delegated authorization
  • Validating OAuth2 access tokens with token introspection
  • Implementing single sign-on with OAuth and OpenID Connect

In the last few chapters, you’ve implemented user authentication methods that are suitable for the Natter UI and your own desktop and mobile apps. Increasingly, APIs are being opened to third-party apps and clients from other businesses and organizations. Natter is no different, and your newly appointed CEO has decided that you can boost growth by encouraging an ecosystem of Natter API clients and services. In this chapter, you’ll integrate an OAuth2 ...

Get API Security in Action now with the O’Reilly learning platform.