– Justin Richer, Antonio Sanso
Part 1 First steps
1 ■ What is OAuth 2.0 and why should you care?
2 ■ The OAuth dance
Part 2 Building an OAuth 2 environment
3 ■ Building a simple OAuth client (April 20)
4 ■ Building a simple OAuth protected resource (May 4)
5 ■ Building a simple OAuth authorization server (May 18)
6 ■ OAuth 2.0 in the real world (June 1)
Part 3 OAuth 2 implementation and vulnerabilities
7 ■ Common client vulnerabilities
8 ■ Common protected resources vulnerabilities
9 ■ Common authorization server vulnerabilities
10 ■ Common OAuth token vulnerabilities
Part 4 Taking OAuth further
11 ■ OAuth tokens
12 ■ Dynamic client registration
13 ■ User authentication with OAuth 2.0
14 ■ Protocols and profiles using OAuth 2.0
15 ■ Beyond bearer tokens
16 ■ Summary and conclusions