Appendix A. OAuth 2.0 and OpenID Connect

OAuth 2.0 is an authorization framework developed by the Internet Engineering Task Force (IETF) OAuth working group and defined in RFC 6749. Its fundamental focus is solving the access delegation problem: letting a user grant an application limited access to resources on the user's behalf without sharing the user's credentials. OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0; its specification was developed by the OpenID Foundation.

In chapter 2, we briefly discussed OAuth 2.0 and how to use it to protect a microservice and to do service-level authorization with OAuth 2.0 scopes. Then in chapter 3, we discussed how to use the Zuul API gateway for OAuth 2.0 token validation. In chapter 4, we discussed how to log in to a SPA with OpenID Connect and then access the Order Processing ...
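To make the delegation idea concrete, here is an added example that is not from the book or its sample code: a minimal authorization server that issues a signed access token carrying the scopes the user delegated to a client, and a resource server that accepts a request only when the token is authentic, unexpired, addressed to it, and carries the required scope (the service-level authorization described above). The key, issuer URL, audience name and scope strings are constructed for the demo; the HS256 shared secret stands in for the asymmetric keys and JWKS endpoint a real deployment would use.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values. A real deployment would use an asymmetric key pair
# published via JWKS rather than a shared secret.
DEMO_KEY = b"demo-shared-secret-not-for-production"
ISSUER = "https://as.example.test"   # hypothetical authorization server
AUDIENCE = "order-processing"        # hypothetical resource server identifier


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(subject, client_id, scopes, ttl=300, now=None):
    """Authorization server side: the user (subject) delegates a subset of
    rights (scopes) to a client application, expressed as a signed JWT."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": ISSUER,
        "sub": subject,
        "aud": AUDIENCE,
        "client_id": client_id,
        "scope": " ".join(scopes),
        "iat": now,
        "exp": now + ttl,
    }
    signing_input = (
        f"{_b64url(json.dumps(header).encode())}."
        f"{_b64url(json.dumps(claims).encode())}"
    )
    sig = hmac.new(DEMO_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def authorize(token, required_scope, now=None):
    """Resource server side: allow the request only if the token is authentic,
    unexpired, meant for this service, and carries the required scope.
    Returns (allowed, reason)."""
    now = int(time.time()) if now is None else now
    try:
        h, c, s = token.split(".")
    except ValueError:
        return False, "malformed token"
    # Pin the algorithm: never let the token choose how it is verified.
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(DEMO_KEY, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(c))
    if claims.get("iss") != ISSUER:
        return False, "wrong issuer"
    if claims.get("aud") != AUDIENCE:
        return False, "wrong audience"
    if now >= claims.get("exp", 0):
        return False, "expired"
    # Scopes are space-separated per RFC 6749 section 3.3.
    if required_scope not in claims.get("scope", "").split():
        return False, "insufficient scope"
    return True, "ok"


if __name__ == "__main__":
    token = issue_token("peter", "web-app", ["order:read"])
    print(authorize(token, "order:read"))   # allowed
    print(authorize(token, "order:write"))  # insufficient scope
```

The point to notice is that the resource server never sees the user's password; it trusts a token whose scope claim bounds what the client may do, and every check (signature, issuer, audience, expiry, scope) must pass before the request is served. An API gateway performing token validation would run the same checks before forwarding the request.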
