OAuth 2.0

OAuth 2.0

Explore OAuth 2.0. What is it and how can you best implement it?

OAuth 2.0 is the industry-standard protocol for authorization and access delegation. It specifies a process for resource owners to authorize third-part access to their resources without sharing their credentials. OAuth facilitates fast and secure authentication and authorization for users to APIs, servers, devices and apps. It does this without sharing password information and instead uses access tokens to prove an identity, keeping user credentials safe.

How-tos

Azure API Management OAuth Proxy Policy

Azure API Management OAuth Proxy Policy

Implementing the OAuth Proxy in Azure with an API Management Policy

AWS API Gateway OAuth Proxy Module

AWS API Gateway OAuth Proxy Module

An implementation of the Token Handler's OAuth Proxy module for AWS API Gateway.

Cloudflare Worker OAuth Proxy Module

Cloudflare Worker OAuth Proxy Module

An implementation of the Token Handler's OAuth Proxy module for Cloudflare Workers.

NGINX Lua OAuth Proxy Plugin

NGINX Lua OAuth Proxy Plugin

An OAuth proxy plugin that can run in a LUA enabled reverse proxy to translate secure cookies to access tokens

NGINX OAuth Proxy Module

NGINX OAuth Proxy Module

An OAuth proxy module that runs in an NGINX reverse proxy, to translate secure cookies to access tokens

Device Authorization Grant

Device Authorization Grant

The OAuth 2.0 Device Authorization Grant solves the problem of authenticating a user on a device that does not have user friendly input capabilities. Authentication instead takes place out-of-band on a different device.

User Consent

User Consent

Handling user consent for claims

Resource Owner Password Flow

Resource Owner Password Flow

This tutorial explains how to use the Resource Owner Password Credential Flow (ROPC) to obtain tokens from the Curity Identity Server

Revoking OAuth Tokens

Revoking OAuth Tokens

Learn how to revoke access and refresh tokens issued according to the OAuth standard

Refresh Tokens

Refresh Tokens

This tutorial explains how to issue Refresh Tokens in the Curity Identity Server, control their lifetime, include/exclude them for certain clients, and use them to get new access tokens

Client Credentials Flow

Client Credentials Flow

OAuth has a flow called client credentials, that comes in handy when there are requests to your APIs that are not involving a user. Using the Client Credentials flow, it's possible to let servers communicate with your API without modifying the APIs themselves.

Hybrid Flow

Hybrid Flow

This tutorial explains how to obtain an OAuth access token using the hybrid flow. The guide includes step by step instructions for how to set it up and configure it in the Curity Identity Server.

Implicit Flow

Implicit Flow

Using the OAuth 2.0 Implicit Flow

Code Flow

Code Flow

This tutorial explains how to obtain an OAuth access token using the code flow, a popular message exchange pattern used by server-based applications. The guide includes step by step instructions for how to set it up and configure it in the Curity Identity Server.

Videos

Test using OAuth Tools
OAuth Device Flow
OAuth and OpenID Connect - What's next?
Using Custom Token Issuers in the Curity Identity Server
OAuth Tokens As Your Identity API
Scalable API Security Using OAuth
Financial Grade APIs Using OAuth and OpenID Connect
Securing APIs in a Cloud Native Environment Using OAuth
Securing APIs and Microservices with OAuth and OpenID Connect
OAuth and OpenID Connect for PSD2 and Third-Party Access
REST API Overview with Integration of CLI & UI