API-University Series #1

OAuth 2.0: Getting Started in API Security

This book offers an introduction to API security with OAuth 2.0 and OpenID Connect. In less than 50 pages you will gain an overview of the capabilities of OAuth, learn its core concepts, and get to know all four OAuth flows used in cloud solutions and mobile apps.
If you have tried to read the official OAuth specification, you may have the impression that OAuth is complex. This book explains OAuth in simple terms. The different OAuth flows are visualized with sequence diagrams, which let you see the big picture of the various OAuth interactions. This high-level overview is complemented by a rich set of example requests and responses and an explanation of the technical details.
The book presents the challenges and benefits of OAuth, followed by an explanation of its technical concepts: the actors, endpoints, tokens and the four OAuth flows. Each flow is described in detail, including its use cases. Extensions of OAuth are presented, such as OpenID Connect and the SAML2 Bearer Profile.

Who should read this book?
You do not have the time to read long books? This book provides an overview of the core concepts without getting lost in the small details. It provides all the necessary information to get started with OAuth in less than 50 pages.

You believe OAuth is complicated? OAuth may seem complex, with flows and redirects going back and forth. This book gives you clarity by introducing the seemingly complicated material through many illustrations. These illustrations clearly show all the interacting parties and the messages they exchange.

You want to learn the OAuth concepts efficiently? This book uses many illustrations and sequence diagrams. A good diagram says more than 1000 words.

You want to learn the difference between OAuth and OpenID Connect? You wonder when each is used, what they have in common and how they differ. This book will help you answer these questions.

You want to use OAuth in your mobile app? If you want to access resources that are protected by OAuth, you need to get a token first, before you can access the resource. For this, you need to understand the OAuth flows and the dependencies between the steps of the flows.

You want to use OAuth to protect your APIs? OAuth is perfectly suited to protect your APIs. You can learn which OAuth endpoints need to be provided and which checks need to be made within the protected APIs.

61 pages, Kindle Edition

First published September 25, 2014


About the author

Matthias Biehl

13 books, 14 followers
Matthias has provided expertise to international and national companies in the areas of API strategy, API architecture, security, software engineering and software integration. At some point, he got a PhD.

Nowadays, he uses his background in technology and software engineering to help companies realize their digital transformation agendas and bring innovative software solutions to the market.

He also loves sharing his knowledge in the classroom, at workshops, and in his books. Matthias is an instructor at the API-University, publishes a blog on APIs, is the author of several books on APIs and regularly speaks at technology conferences.

Community Reviews

5 stars: 28 (32%)
4 stars: 29 (33%)
3 stars: 20 (22%)
2 stars: 6 (6%)
1 star: 4 (4%)
Displaying 1 - 12 of 12 reviews
6 reviews
February 22, 2018
Not worth the time nor money. Does not provide anything of value.
It says a picture is worth a thousand words, while providing shitty diagrams itself.
By typing OAuth2 into Google, the first response will have a better and more concrete and concentrated overview of the subject at hand.
64 reviews, 1 follower
February 26, 2021
Good as an introduction or a refresher

I really appreciate the minimalistic way of writing this book, where new learners can get most of the needed knowledge in a fast way and experts can refresh their minds just as fast!

One thing I hated was how close the last couple of cases were; not the author's issue, but I felt it could have been written in a better way to distinguish the difference, maybe with a bit more info. Other than that, the book was good.
Kian.ting
280 reviews, 1 follower
November 29, 2018
I like this book; it simplifies OAuth 2.0 to less than 100 pages so you can grok its important concepts without being bogged down by the details. It's important to have the main understanding before diving in. The state diagrams in this book helped me tremendously.
1 review
May 5, 2019
Really good book

The OAuth flow illustrations clearly helped me a lot to understand the concepts and identify the differences between the OAuth types.
Great choice if you are looking for an overview of OAuth.
1 review
April 18, 2020
Short, enjoyable, very clear explanation book. I can say that I'm understanding OAuth2 well now :)

I'm sure you won't put it down once you start reading (as in my case, in one sitting).

Really, thanks @Matthias Biehl for this amazing book.
Ivan
22 reviews, 2 followers
October 30, 2017
A good and accessible summary of the OAuth 2.0 principles. Perfect book to get an idea what OAuth 2.0 is about and how it works.
Abhijit Mazumdar
14 reviews
January 4, 2019
Quick read

Quick read on the basics of OAuth. Nice overview and easy to read and understand. I got all 5 books in the series as I wanted to learn more about RESTful API design.
18 reviews
December 20, 2019
If you are craving some info on OAuth and have the time, read the official specification instead.
SolidM
177 reviews, 1 follower
January 20, 2021
Very disappointed. A lot of stuff missing (e.g. content of the JWT token), everything is very blurry imo and also way too short for the price.
Surattikorn
117 reviews, 5 followers
January 31, 2022
This book provided a nice overview of OAuth 2.0.
Quick read on the basics of OAuth.
Easy to read and understand.
292 reviews, 3 followers
August 25, 2015
This book presented a decent overview of OAuth, along with diagrams and explanation of the 4 flows that are part of the protocol. It was a brief and pretty terse explanation. The examples and diagrams seem to have enough information to understand exactly how the flows are configured/invoked, but it didn't go into depth explaining why things are done the way they are. I would have liked more concrete, real-world examples, as well, but the information in this small book seems valuable to anyone working in web/mobile development with APIs.