OAuth and OIDC
1. Introduction to Secure Delegated Access
2. OAuth 2.0 Framework Fundamentals
3. OAuth 2.0 Protocol Endpoints
4. OAuth 2.0 Tokens
5. Scopes and Permissions
6. OAuth 2.0 Authorization Grants
7. OpenID Connect Identity Layer
8. JSON Web Tokens in OAuth and OIDC
9. Security Considerations and Threats
10. Advanced OAuth and OIDC Topics
11. OAuth 2.1 Evolution
12. Implementation Guidance
OAuth 2.0 Authorization Grants
Grant Type Overview
    Purpose of Different Grants
    Selection Criteria
    Security Considerations

Authorization Code Grant
    Flow Description
        Authorization Request
        User Authentication
        Authorization Code Issuance
        Token Exchange
    Security Properties
        Code Confidentiality
        Client Authentication
        CSRF Protection
    Use Cases
        Web Applications
        Server-Side Applications
        Confidential Clients
    Implementation Details
        Redirect URI Validation
        State Parameter Usage
        Error Handling

Proof Key for Code Exchange
    Security Problem
        Authorization Code Interception
        Public Client Vulnerabilities
        Mobile App Risks
    PKCE Mechanism
        Code Verifier Generation
        Code Challenge Creation
        Challenge Methods
    Integration with Authorization Code Flow
        Modified Request Parameters
        Verification Process
    Implementation Requirements
        Entropy Requirements
        Storage Considerations
        Error Handling

Client Credentials Grant
    Flow Description
        Client Authentication
        Token Request
        Token Response
    Use Cases
        Machine-to-Machine Communication
        Service-to-Service Access
        Backend Processes
    Security Considerations
        Client Secret Management
        Scope Limitations
        Token Lifecycle

Implicit Grant
    Flow Description
        Direct Token Issuance
        Fragment-Based Response
    Security Limitations
        Token Exposure
        No Refresh Tokens
        Limited Client Authentication
    Historical Context
        Early SPA Requirements
        Browser Limitations
    Deprecation Status
        OAuth 2.1 Changes
        Migration Recommendations

Resource Owner Password Credentials Grant
    Flow Description
        Direct Credential Handling
        Token Exchange
    Security Risks
        Credential Exposure
        Phishing Vulnerabilities
        Trust Requirements
    Limited Use Cases
        Legacy System Migration
        Trusted First-Party Applications
    Deprecation Status
        Security Concerns
        Alternative Recommendations