Designing Evolvable Web APIs with ASP.NET

by Glenn Block, Pablo Cibraro, Pedro Felix, Howard Dierking, Darrel Miller
March 2014
Content level: Intermediate to advanced
538 pages
13h 19m
English
O'Reilly Media, Inc.
Content preview from Designing Evolvable Web APIs with ASP.NET

Chapter 16. The OAuth 2.0 Authorization Framework

Delegata potestas non potest delegari.

The OAuth 2.0 Authorization Framework, defined by RFC 6749, is an evolution of the OAuth 1.0 protocol. At the time of writing, it is used by several popular Web APIs such as the Google APIs, Facebook, and GitHub. Its main usage scenario is delegated constrained authorization. As an example, consider the fictional scenario depicted in Figure 16-1.

Figure 16-1. Delegated authorization scenario

In the figure, you can see that:

  • storecode.example is a website for storing and managing code repositories, with an associated Web API.
  • checkcode.example is a service for building and analyzing code, providing functionalities such as continuous integration, coding rules checking, error estimation, and test coverage.
  • Alice uses the storecode.example site to store and manage her private code.

Alice wants to use the checkcode.example service to analyze the code she’s stored at storecode.example. The fact that storecode.example provides an API is an important enabler for this scenario, but a problem remains: how can Alice allow checkcode.example to access some of her private code repositories?

A solution to this problem would be for Alice to provide her storecode.example credentials (e.g., username and password) to checkcode.example, so that this service could access her private code. However, this solution has ...

Publisher Resources

ISBN: 9781449337919