This book will help you to make sense of OAuth, OpenID Connect, and the many moving parts that come together to make authentication and delegated authorization happen.
You will discover how authentication and authorization requirements have changed in recent years, and how today’s standard protocols evolved from and augmented their ancestors to meet those challenges, with problems and solutions locked in an ever-escalating arms race.
You will learn both the whys and the hows of OAuth2 and OpenID Connect. You will learn which parts of the protocols are appropriate for each of the classic scenarios and app types (sign-on for traditional web apps, single-page apps, calling APIs from desktop, mobile, and web apps, and so on). We will examine every exchange and parameter in detail – putting everything in context and always striving to see the reasons behind every implementation choice within the larger picture.
After reading this book, you will have a clear understanding of the classic problems in authentication and delegated authorization, the modern tools that open protocols offer to solve those problems, and a working knowledge of OAuth2 and OpenID Connect. All that will allow you to make informed design decisions – and even to know your way through troubleshooting and network traces.