OAuth 2.0 Cookbook

Adolfo Eloy Nascimento

  • Publisher: Packt Publishing
  • Publication date: 2017-10-23
  • Price: $1,980
  • VIP price: $1,881 (95% of list price)
  • Language: English
  • Pages: 420
  • Binding: Paperback
  • ISBN: 178829596X
  • ISBN-13: 9781788295963
  • Overseas purchasing title (must be checked out separately)

Product Description

Key Features

  • Interact with public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google
  • Use Spring Security and Spring Security OAuth2 to implement your own OAuth 2.0 provider
  • Learn how to implement OAuth 2.0 native mobile clients for Android applications

Book Description

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.

The book starts by showing you how to interact with some public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. You will then implement your own OAuth 2.0 provider with Spring Security OAuth2. Next, the book covers practical scenarios around some important OAuth 2.0 profiles, such as Dynamic Client Registration, Token Introspection, and how to revoke issued access tokens. You will then be introduced to JWT, OpenID Connect, and how to safely implement native mobile OAuth 2.0 clients.

By the end of this book, you will be able to ensure that both the server and client are protected against common vulnerabilities.

What you will learn

  • Use Redis and relational databases to store issued access tokens and refresh tokens
  • Access resources protected by the OAuth2 Provider using Spring Security
  • Implement a web application that dynamically registers itself to the Authorization Server
  • Improve the safety of your mobile client using dynamic client registration
  • Protect your Android client with Proof Key for Code Exchange
  • Protect the Authorization Server from invalid redirection

About the Author

Adolfo Eloy Nascimento is a software engineer at Elo7. He holds a Bachelor's degree in Computer Science and has been working in software development since 1999. Around 2003, he started working with web development, implementing applications using ASP, PHP 4/5, JavaScript, and Java (he still occasionally maintains a Ruby on Rails application). He started using OAuth 2.0 two years ago, when designing applications using microservice architectures, as well as modeling and interacting with public APIs.

As a tech enthusiast, Adolfo also likes to read and learn about programming languages and new technologies. He believes that, besides creating new applications, it is important to share the knowledge he has acquired, which he does by writing for his personal blog, writing articles for Java Magazine in Brazil, and writing tech books.

Table of Contents

  1. OAuth 2.0 Foundations
  2. Implementing Your Own OAuth 2.0 Provider
  3. Using an API Protected with OAuth 2.0
  4. Working with OAuth 2.0 Profiles
  5. Self-Contained Tokens with JWT
  6. OpenID Connect for Authentication
  7. Implementing Mobile Clients
  8. Avoiding Common Vulnerabilities
