Chapter 13. User authentication with OAuth 2.0

This chapter covers

  • The reasons OAuth 2.0 is not an authentication protocol
  • Building an authentication protocol using OAuth 2.0
  • Identifying and avoiding common mistakes when using OAuth 2.0 in authentication
  • Implementing OpenID Connect on top of OAuth 2.0

The OAuth 2.0 specification defines a delegation protocol useful for conveying authorization decisions across a network of web-enabled applications and APIs. Because OAuth 2.0 is used to gather the consent of an authenticated end user, many developers and API providers have concluded that OAuth 2.0 is an authentication protocol that can be used to log in users securely. However, in spite of it being a security protocol that makes use of user ...
