OAuth 2.0 Framework Fundamentals
Core Principles
  Delegated Authorization
    Principle of Least Privilege
    Delegation vs Impersonation
    Consent-Based Access
  Token-Based Access Control
    Bearer Token Model
    Stateless Operations
    Token Lifecycle Management
  Separation of Concerns
    Authentication vs Authorization
    Client vs Resource Server

Key Terminology
  Protected Resources
  Access Tokens
  Authorization Grants
  Client Applications
  Resource Owners

OAuth 2.0 Roles
  Resource Owner
    Definition and Responsibilities
    User Consent and Control
    Delegation Authority
  Client
    Definition and Types
    Client Registration
    Client Authentication
    Confidential Clients
      Characteristics
      Security Requirements
    Public Clients
      Characteristics
      Security Limitations
  Authorization Server
    Core Responsibilities
    Authentication Services
    Token Issuance
    Policy Enforcement
  Resource Server
    Protected Resource Hosting
    Token Validation
    Access Control Enforcement

Protocol Architecture
  Request-Response Model
  HTTP-Based Communication
  Endpoint Interactions
  Security Boundaries