This book offers a quick introduction to web API security with OAuth 2.0 and OpenID Connect. It provides an overview of the complex subject matter, covers the most important core concepts, and illustrates the OAuth flows with many figures. First, the challenges and benefits of OAuth are presented; then the technical concepts of OAuth are explained. The technical concepts include the actors involved, the endpoints, the various tokens, and the four OAuth flows. All four OAuth flows are covered in detail. In particular, the usage scenarios for each flow are described. Next, extensions of the standard are presented, such as OpenID Connect and the SAML2 Bearer Profile. Notes on the secure use of OAuth round off the book.
Matthias has provided expertise to international and national companies in the areas of API strategy, API architecture, security, software engineering and software integration. At some point, he got a PhD.
Nowadays, he uses his background in technology and software engineering to help companies realize their digital transformation agendas and bring innovative software solutions to the market.
He also loves sharing his knowledge in the classroom, at workshops, and in his books. Matthias is an instructor at the API-University, publishes a blog on APIs, is the author of several books on APIs and regularly speaks at technology conferences.
Not worth the time nor money. Does not provide anything of value. It says a picture is worth a thousand words, while providing shitty diagrams itself. By typing OAuth2 into Google, the first response will have a better and more concrete and concentrated overview of the subject at hand.
I really appreciate the minimalistic way of writing this book, where new learners can get most of the needed knowledge in a fast way and experts can refresh their minds as fast also!
One thing I hated was how close the last couple of cases were, not the author's issue, but I felt it could be written in a better way to distinguish the difference, maybe with a bit more info. Other than that, the book was good.
I like this book. It simplifies OAuth 2.0 to less than 100 pages so you can grok its important concepts without being bogged down by the details. It's important to have the main understanding before diving in. The state diagrams in this book helped me tremendously.
The OAuth flow illustrations clearly helped me a lot to understand the concepts and identify the difference between OAuth types. Great choice if you are looking for an overview of OAuth.
Quick read on the basics of OAuth. Nice overview and easy to read and understand. I got all 5 books in the series as I wanted to learn more about RESTful API design.
This book presented a decent overview of OAuth, along with diagrams and explanation of the 4 flows that are part of the protocol. It was a brief and pretty terse explanation. The examples and diagrams seem to have enough information to understand exactly how the flows are configured/invoked, but it didn't go into depth explaining why things are done the way they are. I would have liked more concrete, real-world examples, as well, but the information in this small book seems valuable to anyone working in web/mobile development with APIs.