What is in the book?
This book offers an introduction to web-API security with OAuth 2.0 and OpenID Connect. In less than 80 pages you will gain an overview of the capabilities of OAuth and learn the core concepts of OAuth including all for OAuth flows used for cloud, web and mobile scenarios.
If you have tried to read the official OAuth specification, you may get the impression that OAuth is complex. This book explains OAuth in simple terms. The different OAuth flows are visualized graphically using sequence diagrams. The diagrams allow you to see the big picture of the various OAuth interactions. This high-level overview is complemented with rich set of example requests and responses and an explanation of the technical details.
In the book the challenges and benefits of OAuth are presented, followed by an explanation of the technical concepts of OAuth. The technical concepts include the actors, endpoints, tokens and the four OAuth flows. Each flow is described in detail, including the use cases for each flow. Extensions of OAuth are presented, such as OpenID Connect and the SAML2 Bearer Profile.
Who should read this book?
You do not have the time to read long books? This book provides an overview, the core concepts, without getting lost in the small-small details. This book provides all the necessary information to get started with OAuth in less than 80 pages.
You believe OAuth is complicated? OAuth may seem complex with flows and redirects going back and forth. This book will give you clarity by introducing the seemingly complicated material by many illustrations. These illustrations clearly show all the involved interaction parties and the messages they exchange.
You want to learn the OAuth concepts efficiently? This book uses many illustrations and sequence diagrams. A good diagram says more than 1000 words.
You want to learn the difference between OAuth and OpenID Connect? You wonder when the two concepts are used, what they have in common and what is different between them. This book will help you answer this question.
You want to use OAuth in your mobile app? If you want to access resources that are protected by OAuth, you need to get a token first, before you can access the resource. For this, you need to understand the OAuth flows and the dependencies between the steps of the flows.
You want to use OAuth to protect your APIs? OAuth is perfectly suited to protect your APIs. You can learn which OAuth endpoints need to be provided and which checks need to be made within the protected APIs.
5 out of 5 stars *Very* good intro to OAuth 2.0 By Chris Verachtert on November 1, 2016
There are quite some good publications on OAuth 2.0 and this introduction written by Matthias Biehl is one of the best. If you want to get up to speed on OAuth quickly and don't want to wade through a 300+ page book, you cannot go wrong with this book. The diagrams it contains are very helpful in grasping the overall concepts. If I could give it 6 stars, I would. In short: it's a gem.
5 out of 5 stars Super clear, easy read By Horace Williams on November 8, 2016
Clear, and precise. Yes, it's short - but one of clearest guides you will find anywhere. Also like that it's language agnostic and focused on oauth and the flow itself. A lot of explanations clutter themselves with a cumbersome / blackbox / "hey it just works!" implementation libraries.
5 out of 5 stars Great Book By Donald E Lutz on March 2, 2015
A clear explanation of OAuth and its authentication flows. It provided great descriptions of the OpenId Connect and SAML2 extensions.
5 out of 5 stars Short and sweet By Amazon Customer on April 22, 2015
Excellent review of the underlying components of OAuth, and the methods of deploying and using it. Love the sequence diagrams. The explanations of the differences between the pattern use cases is most helpful.
5 out of 5 stars Great little book By Dave on August 17, 2015
Great little book. I'm tired of slogging through 500+ pages on a subject that I can learn in less than 100.
5 out of 5 stars Short and sweet By M. Schwartz on August 4, 2016
Very short book... but good if you want a quick read on the plane.