You're reading from Mastering OAuth 2.0 Create powerful applications to interact with popular service providers such as Facebook, Google, Twitter, and more by leveraging the OAuth 2.0 Authorization Framework

Product type Paperback

Published in Dec 2015

Publisher Packt

ISBN-13 9781784395407

Length 238 pages

Edition 1st Edition

Languages

Java

Tools

OAuth

Concepts

Cybersecurity

Table of Contents (17) Chapters

Preface

1. Why Should I Care About OAuth 2.0? FREE CHAPTER

2. A Bird's Eye View of OAuth 2.0

3. Four Easy Steps

4. Register Your Application

5. Get an Access Token with the Client-Side Flow

6. Get an Access Token with the Server-Side Flow

7. Use Your Access Token

8. Refresh Your Access Token

9. Security Considerations

10. What About Mobile?

11. Tooling and Troubleshooting

12. Extensions to OAuth 2.0

A. Resource Owner Password Credentials Grant

B. Client Credentials Grant

C. Reference Specifications

Index

What are the differences?

The main differences between the server-side workflow and the client-side workflow can be summarized in this table:

	Simplicity	Security	Access duration
Server-side flow (authorization code grant flow)	More complex: In order to facilitate the secure storage and transmission of confidential data, a backend server and data store must be maintained.	More secure: The server-side flow never exposes the key to the browser, and so has a significantly smaller chance of being leaked.	Long-term: Because an application using the authorization code grant flow is trusted to store confidential information, it can store properties needed for long-term, even offline, access.
Client-side flow (implicit grant flow)	Less complex: Due to the more relaxed requirements around security for untrusted applications, no backend server or data store is required. Everything can happen from the browser.	Less secure: The key is passed directly to the browser and so has a much...

Simplicity

Security

Access duration

Server-side flow

(authorization code grant flow)

More complex: In order to facilitate the secure storage and transmission of confidential data, a backend server and data store must be maintained.

More secure: The server-side flow never exposes the key to the browser, and so has a significantly smaller chance of being leaked.

Long-term: Because an application using the authorization code grant flow is trusted to store confidential information, it can store properties needed for long-term, even offline, access.

Client-side flow

(implicit grant flow)

Less complex: Due to the more relaxed requirements around security for untrusted applications, no backend server or data store is required. Everything can happen from the browser.

Less secure: The key is passed directly to the browser and so has a much...

The rest of the chapter is locked

You're reading from Mastering OAuth 2.0 Create powerful applications to interact with popular service providers such as Facebook, Google, Twitter, and more by leveraging the OAuth 2.0 Authorization Framework

Table of Contents (17) Chapters

What are the differences?

Unlock this book and the full library FREE for 7 days

Personalised recommendations for you