OAuth 2 in Action First Edition



Summary

OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the Technology

Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.

About the Book

OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.

What's Inside

  • Covers OAuth 2 protocol and design
  • Authorization with OAuth 2
  • OpenID Connect and User-Managed Access
  • Implementation risks
  • JOSE, introspection, revocation, and registration
  • Protecting and accessing REST APIs

About the Reader

Readers need basic programming skills and knowledge of HTTP and JSON.

About the Author

Justin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.

Table of Contents

Part 1 - First steps

  1. What is OAuth 2.0 and why should you care?
  2. The OAuth dance

Part 2 - Building an OAuth 2 environment

  3. Building a simple OAuth client
  4. Building a simple OAuth protected resource
  5. Building a simple OAuth authorization server
  6. OAuth 2.0 in the real world

Part 3 - OAuth 2 implementation and vulnerabilities

  7. Common client vulnerabilities
  8. Common protected resources vulnerabilities
  9. Common authorization server vulnerabilities
  10. Common OAuth token vulnerabilities

Part 4 - Taking OAuth further

  11. OAuth tokens
  12. Dynamic client registration
  13. User authentication with OAuth 2.0
  14. Protocols and profiles using OAuth 2.0
  15. Beyond bearer tokens
  16. Summary and conclusions


From the Publisher

About this Book

This book is intended to be a comprehensive and thorough treatment of the OAuth 2.0 protocol and many of its surrounding technologies, including OpenID Connect and JOSE/JWT. We want you to come away from this book with a deep understanding of what OAuth can do, why it works the way that it does, and how to deploy it properly and securely in an unsafe internet.

The target reader for this book is someone who’s probably used OAuth 2.0, or at least heard of it, but doesn’t really know how it works or why it works that way. Maybe you’ve even developed one or more OAuth 2.0 components, such as a client to talk to a specific API, but you’re curious about other kinds of clients, or other parts of the OAuth 2.0 ecosystem. Perhaps you wonder, 'What’s the authorization server doing when you go ask for that authorization code, anyway?' Or perhaps you’re tasked with protecting an API and you want to know if OAuth 2.0 is really going to do the job, and if so, how are you supposed to manage that? Maybe in your day job you’re building a client, but you want to know what the protected resource does with that token you sent it. Or maybe you’re building and protecting an API, but you want to know what the authorization server you’re talking to does to get those tokens into the right place. We want you to understand what the tool, OAuth 2.0, is really good at and how you can wield it effectively.

We’re going to assume you know the basics of how HTTP works, and at least understand the utility of encrypting connections using TLS, if not the intimate details of how it works. Our code is all in JavaScript, but this isn’t a book about JavaScript, and so we’ve done our best to explain the abstractions and functionality that the code itself represents so that you can apply it to your own platform and language.

Editorial Reviews

About the Author

Justin Richer is a systems architect, software engineer, standards editor, and service designer working as an independent consultant.

Antonio Sanso works as a security software engineer; he is a security researcher focused on vulnerabilities and an active open source contributor.

Product details

  • Publisher: Manning; First Edition (March 18, 2017)
  • Language: English
  • Paperback: 360 pages
  • ISBN-10: 161729327X
  • ISBN-13: 978-1617293276
  • Item Weight: 1.33 pounds
  • Dimensions: 7.38 x 0.8 x 9.25 inches


Customer reviews

4.7 out of 5 stars
104 global ratings

Top reviews from the United States

Reviewed in the United States on January 27, 2020
When my boss told me I was issuing a token to myself I knew I needed help.

There I was needing to secure an API using Azure AD with no prior web authentication experience other than “we look up your hashed password in a database”. I didn’t know where to even begin! As it turned out I had to ask for help with the assignment but I knew I would need to brush up on this topic later on in my career.

Fast forward a few months and I decided to pick up this book. I read every chapter and completed all the examples and I now feel like a true expert. In all honesty, the OAuth 2.0 flows themselves are not complex and their power lies in their simplicity, but this book does a great job at keeping a good pace and covers all the concepts thoroughly with consideration of the “why” and not just the “how”.

I recommend reading the entire book for anyone that wants to have a solid grasp on OAuth but a crash course can be obtained by just reading parts one and two.

I will say I was burned out by the time I reached chapters 14-15. They were simply too complex for me to retain at the time, but I am going to circle back and reread those chapters in the future. One other technical issue is the shipped code does not work with the latest NoSQL npm package so I had to find a workaround to get the assignments to work properly.

If you were like me, faced with securing an API and don’t know what the difference is between an access code and a token, pick this up right now!
15 people found this helpful
Reviewed in the United States on January 3, 2019
This is not only the most comprehensive book available about OAuth but it is also the most accessible, which is a neat trick to pull off. Justin and Antonio expertly guide the reader by providing an overview of what OAuth is by talking about why it came to be and what it was meant to solve. They describe the flow between all of the different players in the framework followed by dedicated chapters for each one of those participants before presenting the reader with more advanced topics. One of those is easily the best description ever written about dynamic client registration, which I have referred to many times in our own implementation. As a cybersecurity architect, I particularly appreciate the 50 pages of detailed discussion about common vulnerabilities of different parts of the system. It’s a fantastic resource that you’ll not only refer to again and again, but also a resource to lend to those new identity professionals that you’re trying to grow.
8 people found this helpful
Reviewed in the United States on August 27, 2017
Folks did a great job! Please write one more book on OpenID Connect, I'll buy it! I see that JS is not the primary language of the authors, or the usage of JS was intentionally simplified since some readers might not be familiar with JS. It was a good surprise that the book is in JS. I like JS. I will monitor and buy all next editions of that great book! Also the authors linked many good articles about security. I was thinking about reading one web hacker book first before that one, but changed my mind because of the necessities on the project to use OAuth2; I don't regret it since the book is really clear.
3 people found this helpful
Reviewed in the United States on February 21, 2019
This is a really good book. It includes both message passing images and packet content. Well organized. I have bought a lot of software books but this is the best I have ever seen. If you need to know OAuth2 this is your ticket to ride. The page count is higher than other books because they included the transition drawings.
3 people found this helpful
Reviewed in the United States on February 8, 2022
If you need a comprehensive OAuth guide, look no further.
One person found this helpful
Reviewed in the United States on March 13, 2020
Great book, concise and very well written. Examples are well written and explained very well. If you're looking for a thorough overview of OAuth 2 with some nice examples then this is the right book for you.
Reviewed in the United States on September 1, 2017
Bought the book to understand the standard. It covered the basics as well as introducing some extended classes like OpenID. Book came with code examples. Well worth the money. Easier to dive into than the standards themselves.
5 people found this helpful
Reviewed in the United States on August 11, 2017
This book provides all of the details for you to understand and work with OAuth 2.0. The lab exercises supplied with the book really accentuate the information. This is a definite must have resource for both developers and credential management security experts.
2 people found this helpful

Top reviews from other countries

Amazon Customer
5.0 out of 5 stars If you want to understand OAuth, this book is for you
Reviewed in Mexico on December 2, 2019
Excellent book, clear and concise explanations; it provides fairly broad knowledge of what OAuth is and how it works.
Ying Sun
5.0 out of 5 stars Great book for anyone who wants to learn OAuth!
Reviewed in Canada on June 15, 2018
This is a great book for anyone who wants to learn OAuth. This book has made a complex topic easy to digest. I have some exposure to OAuth/OIDC but there are some pieces that are always vague. After reading this book that vagueness went away. If you are new to OAuth/OIDC this book is definitely worth the time and effort.
Olga TESTA
5.0 out of 5 stars PERFECT
Reviewed in France on January 6, 2019
very useful as a supplement for studies
Dieter
5.0 out of 5 stars A very good book
Reviewed in Germany on November 11, 2018
The first 2 chapters give a very good insight into how OAuth itself works. After that, the knowledge is deepened with further explanations, accompanied by practical exercises.

The exercises extend an existing nodejs project that is available on github. The solutions are included in the exercise project and can be compared with your own solution.

Besides the use of OAuth in a web project, there are also some exercises on how to use OAuth in a mobile project. For that you work with an Apache Cordova project.

What is very well done is the treatment of OAuth security and the steps you have to take to ensure it.
4 people found this helpful
Kevin Mayfield
5.0 out of 5 stars Top resource for OAuth2
Reviewed in the United Kingdom on December 13, 2017
This is the clearest book and description on OAuth2; examples are in JavaScript but used as pseudo code, which clearly explains coding to programmers.

For example the section on introspection explained how to use it, when to use, why to use and when I wouldn't necessarily use it. I've not found any other source that covers all this together.
7 people found this helpful