OAuth 2.0 Identity and Access Management Patterns by Martin Spasovski

OAuth 2.0 security features

OAuth 2.0 includes several protocol features intended to improve security and deal with attacks. We'll explore them one by one, briefly explaining what each feature does and what security purpose it serves.

Scope

In the various authorization grant flows, we encountered the scope parameter. Clients use it in the request to specify which type of access they want granted on behalf of the resource owner, and authorization servers use it in the response to confirm the same.

When an access token is issued to a client application, the scope specified in it defines the access authorization associated with that particular token. It defines which resources and ...
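The scope handling described above can be sketched as follows. This is an added example, not code from the book: the client registry, scope names and in-memory token store are constructed for illustration, and it goes one step further than the text by showing the resource server's check and the RFC 6749 section 3.3 rule for when the response must carry `scope`.

```python
import secrets

# Constructed client registry: scopes each client is allowed to request.
REGISTERED_SCOPES = {"photo-app": {"photos.read", "photos.write", "profile.read"}}
ISSUED_TOKENS = {}  # access token -> granted scope set (in-memory stand-in)


def parse_scope(value):
    """Scope is a space-delimited list of case-sensitive strings; order is irrelevant."""
    return set(value.split(" ")) - {""} if value else set()


def issue_token(client_id, requested, owner_approved):
    """Authorization server: grant only what was requested, registered and approved."""
    wanted = parse_scope(requested)
    allowed = REGISTERED_SCOPES.get(client_id, set())
    granted = wanted & allowed & parse_scope(owner_approved)
    if not granted:
        return {"error": "invalid_scope"}
    token = secrets.token_urlsafe(32)
    ISSUED_TOKENS[token] = granted
    response = {"access_token": token, "token_type": "Bearer"}
    if granted != wanted:
        # RFC 6749 section 3.3: "scope" is required in the response
        # whenever the issued scope differs from the requested one.
        response["scope"] = " ".join(sorted(granted))
    return response


def check_access(token, required_scope):
    """Resource server: the token's scope bounds what the request may do."""
    granted = ISSUED_TOKENS.get(token)
    if granted is None:
        return 401, "invalid_token"
    if required_scope not in granted:
        return 403, "insufficient_scope"  # error code defined in RFC 6750
    return 200, "ok"


if __name__ == "__main__":
    # The client asks for more than the owner approved and more than it is registered for.
    resp = issue_token("photo-app", "photos.read photos.write admin", "photos.read")
    print(resp.get("scope"))
    print(check_access(resp["access_token"], "photos.read"))
    print(check_access(resp["access_token"], "photos.write"))
```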
