OAuth 2 in Action First Edition
OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the Technology
Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to let applications use that service on their behalf without handing over full control. OAuth is used everywhere, from Facebook and Google to startups and cloud services.
About the Book
OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.
What's Inside
- Covers OAuth 2 protocol and design
- Authorization with OAuth 2
- OpenID Connect and User-Managed Access
- Implementation risks
- JOSE, introspection, revocation, and registration
- Protecting and accessing REST APIs
About the Reader
Readers need basic programming skills and knowledge of HTTP and JSON.
About the Author
Justin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.
Table of Contents
Part 1 - First steps
- What is OAuth 2.0 and why should you care?
- The OAuth dance
Part 2 - Building an OAuth 2 environment
- Building a simple OAuth client
- Building a simple OAuth protected resource
- Building a simple OAuth authorization server
- OAuth 2.0 in the real world
Part 3 - OAuth 2 implementation and vulnerabilities
- Common client vulnerabilities
- Common protected resources vulnerabilities
- Common authorization server vulnerabilities
- Common OAuth token vulnerabilities
Part 4 - Taking OAuth further
- OAuth tokens
- Dynamic client registration
- User authentication with OAuth 2.0
- Protocols and profiles using OAuth 2.0
- Beyond bearer tokens
- Summary and conclusions
- ISBN-10: 161729327X
- ISBN-13: 978-1617293276
- Edition: First Edition
- Publisher: Manning
- Publication date: March 18, 2017
- Language: English
- Dimensions: 7.38 x 0.8 x 9.25 inches
- Print length: 360 pages
From the Publisher
About this Book
This book is intended to be a comprehensive and thorough treatment of the OAuth 2.0 protocol and many of its surrounding technologies, including OpenID Connect and JOSE/JWT. We want you to come away from this book with a deep understanding of what OAuth can do, why it works the way that it does, and how to deploy it properly and securely in an unsafe internet.
The target reader for this book is someone who has probably used OAuth 2.0, or at least heard of it, but doesn't really know how it works or why it works that way. Maybe you've even developed one or more OAuth 2.0 components, such as a client to talk to a specific API, but you're curious about other kinds of clients, or other parts of the OAuth 2.0 ecosystem. Perhaps you wonder, "What's the authorization server doing when you go ask for that authorization code, anyway?" Or perhaps you're tasked with protecting an API and you want to know whether OAuth 2.0 is really going to do the job, and if so, how you are supposed to manage that. Maybe in your day job you're building a client, but you want to know what the protected resource does with that token you sent it. Or maybe you're building and protecting an API, but you want to know what the authorization server you're talking to does to get those tokens into the right place. We want you to understand what the tool, OAuth 2.0, is really good at and how you can wield it effectively.
We’re going to assume you know the basics of how HTTP works, and at least understand the utility of encrypting connections using TLS, if not the intimate details of how it works. Our code is all in JavaScript, but this isn’t a book about JavaScript, and so we’ve done our best to explain the abstractions and functionality that the code itself represents so that you can apply it to your own platform and language.
Editorial Reviews
About the Author
Antonio Sanso works as a security software engineer; he is a vulnerability researcher and an active open source contributor.
Product details
- Publisher : Manning; First Edition (March 18, 2017)
- Language : English
- Paperback : 360 pages
- ISBN-10 : 161729327X
- ISBN-13 : 978-1617293276
- Item Weight : 1.33 pounds
- Dimensions : 7.38 x 0.8 x 9.25 inches
About the authors
Justin Richer is a security architect, software engineer, standards editor, and service designer with over fifteen years of industry experience. OAuth 2 In Action, with Antonio Sanso, is Justin's first book.
Justin is the editor of OAuth Dynamic Client Registration (RFC 7591 and 7592), and OAuth Token Introspection (RFC 7662). He wrote the pioneering Vectors of Trust in the IETF and is a co-author of NIST Special Publication 800-63 version 3, with a focus on the federation and assertion requirements. He’s the editor of the HEART specifications, applying identity and security standards to the healthcare vertical. He is the co-author of the User-Managed Access (UMA) 2.0 specification.
Justin is the founder and maintainer of the MITREid Connect open source project through the MIT Internet Trust Consortium. MITREid Connect is one of the leading reference implementations of OAuth 2, OpenID Connect, and UMA.
An ardent proponent of open standards and open source, he believes in solving hard problems with the right solution, even if that solution still needs to be invented.
Antonio works as a Senior Software Engineer at Adobe Research Switzerland, where he is part of the Adobe Experience Manager security team. Prior to this, he worked as a software engineer in the IBM Dublin Software Lab, Ireland. He has found vulnerabilities in popular software such as OpenSSL, Google Chrome, and Apple Safari, and is included in the Google, Facebook, Microsoft, PayPal, and GitHub security halls of fame. He is an avid open source contributor, being the Vice President (chair) for Apache Oltu and a PMC member for Apache Sling. His working interests span from web application security to cryptography. Antonio is also the author of more than a dozen computer security patents and applied cryptography academic papers. He holds an MSc in Computer Science
Customer reviews
Top reviews from the United States
There I was needing to secure an API using Azure AD with no prior web authentication experience other than “we look up your hashed password in a database”. I didn’t know where to even begin! As it turned out I had to ask for help with the assignment but I knew I would need to brush up on this topic later on in my career.
Fast forward a few months and I decided to pick up this book. I read every chapter and completed all the examples and I now feel like a true expert. In all honesty, the OAuth 2.0 flows themselves are not complex and their power lies in their simplicity, but this book does a great job at keeping a good pace and covers all the concepts thoroughly with consideration of the "why" and not just the "how".
I recommend reading the entire book for anyone that wants to have a solid grasp on OAuth but a crash course can be obtained by just reading parts one and two.
I will say I was burned out by the time I reached chapters 14-15. They were simply too complex for me to retain at the time, but I am going to circle back and reread those chapters in the future. One other technical issue is the shipped code does not work with the latest NoSQL npm package so I had to find a workaround to get the assignments to work properly.
If you are like me, faced with securing an API and not knowing what the difference is between an access code and a token, pick this up right now!
Top reviews from other countries
The exercises extend an existing Node.js project that is available on GitHub. The solutions are included in the exercise project and can be compared with your own solution.
Besides using OAuth in a web project, there are also some exercises on how to use OAuth in a mobile project. For that you work with an Apache Cordova project.
What is very well done is the treatment of OAuth security and the steps you have to take to guarantee it.
For example, the section on introspection explained how to use it, when to use it, why to use it, and when I wouldn't necessarily use it. I've not found any other source that covers all this together.