Chapter 15. Beyond bearer tokens

This chapter covers

  • Why OAuth bearer tokens don’t fit all scenarios
  • The proposed OAuth Proof of Possession (PoP) token type
  • The proposed Transport Layer Security (TLS) token-binding method

OAuth is a protocol that provides a powerful delegation mechanism on top of many different applications and APIs, and at the core of the OAuth protocol is the OAuth token. So far in this book, all of the tokens that we’ve used have been bearer tokens. As we covered in chapter 10, a bearer token can be used by anyone who carries, or bears, it to the protected resource: presenting the token is the entire proof of authorization. This is an intentional design choice used in many systems, and bearer tokens are far and away the most widely used type of token in OAuth systems. In addition to the simplicity ...