Skip to Content
Getting Started with OAuth 2.0
book

Getting Started with OAuth 2.0

by Ryan Boyd
February 2012
Beginner to intermediate
78 pages
2h 13m
English
O'Reilly Media, Inc.
Content preview from Getting Started with OAuth 2.0

Performance Improvements

The objective of the call to the Check ID Endpoint is to verify the legitimacy of the id_token. However, this requires an additional HTTP request to the OpenID Connect identity provider. This additional request can be avoided since the id_token is returned as a signed JSON Web Token (JWT) instead of as an opaque blob. The JWT includes the same information that is typically returned by the Check ID Endpoint, but the value is also cryptographically signed by the server in a way that can be validated by the client.

This gives the client the option to verify the signature using the JWT (for best performance) or simply call the Check ID Endpoint if the client wants to avoid cryptography.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

OAuth 2 in Action

OAuth 2 in Action

Justin Richer, Antonio Sanso
Advanced API Security: OAuth 2.0 and Beyond
Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0
Solving Identity Management in Modern Applications: Demystifying OAuth 2, OpenID Connect, and SAML 2

Publisher Resources

ISBN: 9781449317843Errata PageSupplemental Content