Page History

This is the wiki home of a self-organized study group on OAuth2 and OpenID Connect (OIDC)

Info

title	Our next meeting will occur on Thursday, June 1 at 2 October 5, 2:00 pm Eastern, 11 am Pacific

Subscribe to mailing list, tier-oauth@internet2.edu

Agenda and Notes Online

To join via computer audio/video - https://bluejeans.com/678543210/browser

To join via Phone:

1) Dial:

+1.408.740.7256
+1.888.240.2560(US Toll Free)
+1.408.317.9253(Alternate number)
(see all numbers - http://bluejeans.com/numbers)

2) Enter Conference ID: 678543210#

References and Links

Recommended but not required: OAuth 2 in Action, Justin Richer and Antonio Sanso

...

OAUTH2 IN ACTION, Justin Richer, Antonio Sanso

Part 1 First steps .................................................................1

1 ■ What is OAuth 2.0 and why should you care? 3

2 ■ The OAuth dance 21

Part 2 Building an OAuth 2 environment ......................41

3 ■ Building a simple OAuth client 43 (April 20)

4 ■ Building a simple OAuth protected resource 59 (May 4)

5 ■ Building a simple OAuth authorization server 75 (May 18)

6 ■ OAuth 2.0 in the real world 93 (June 1)

Part 3 OAuth 2 implementation and vulnerabilities ............................119

7 ■ Common client vulnerabilities 121

8 ■ Common protected resources vulnerabilities 138

9 ■ Common authorization server vulnerabilities 154

10 ■ Common OAuth token vulnerabilities 168

Part 4 Taking OAuth further ..........................................179

11 ■ OAuth tokens 181

12 ■ Dynamic client registration 208

13 ■ User authentication with OAuth 2.0 236

14 ■ Protocols and profiles using OAuth 2.0 262

15 ■ Beyond bearer tokens 282

...

- Table of Contents

OAuth 2

OAuth 2
in Action book forum incl. errata
:
- https://forums.manning.com/forums/oauth-2-in-action

...

Clone the repository with the code for all the exercises in the book
- https://github.com/oauthinaction/oauth-in-action-code

...

Prerequisites for running examples:

Node: https://nodejs.org
NPM: https://www.npmjs.com/ (Bundled with Node)
Express: http://expressjs.com

RFCs:
- https://tools.ietf.org/html/rfc6749 OAuth 2.0 framework
- https://tools.ietf.org/html/rfc7591 OAuth 2.0 Dynamic Client Registration
- https://tools.ietf.org/html/rfc7662 OAuth 2.0 Token Introspection
- https://tools.ietf.org/html/rfc6750 Bearer Token Usage
- https://tools.ietf.org/html/rfc7009 Token Revocation
- https://tools.ietf.org/html/rfc7521 Assertion Framework for Client Authentication and Authorization Grants
- https://tools.ietf.org/html/rfc7522 SAML 2.0 Profile
- https://tools.ietf.org/html/rfc7523 JSON Web Token (JWT) Profile for …
- https://tools.ietf.org/html/rfc6819 Threat Model and Security Considerations
- https://tools.ietf.org/html/rfc7636 Proof Key for Code Exchange by OAuth Public Clients
- https://tools.ietf.org/html/rfc6755 An IETF URN Sub-Namespace for OAuth

Additional materials from the OpenID Workshop offered by Roland Hedberg and Rebecka Gulliksson in Denver, February 2016

Workshop home page: https://meetings.internet2.edu/2016-02-24-openid-connect-workshop/
Workshop code: https://github.com/rohe/openid_course
Course material for a course in OAuth2, JW*, OpenID Connect and UMA: https://github.com/rohe/ojou_course

OIDC
- Internet2 OIDC Survey Working Group
- Consultation for the
  OIDC Survey Working Group Final Report
- U Chicago project to add OIDC support to the Shib IdP

Page tree

Versions Compared

Old Version 28

New Version Current

Key

This is the wiki home of a self-organized study group on OAuth2 and OpenID Connect (OIDC)

Agenda and Notes Online

References and Links

Recommended but not required: OAuth 2 in Action, Justin Richer and Antonio Sanso

OAuth 2

in Action book forum incl. errata

https://forums.manning.com/forums/oauth-2-in-action

Clone the repository with the code for all the exercises in the book

Prerequisites for running examples:

RFCs:

Additional materials from the OpenID Workshop offered by Roland Hedberg and Rebecka Gulliksson in Denver, February 2016

OIDC