OAuth 2.0
Explore OAuth 2.0. What is it and how can you best implement it?
Articles
Supported OAuth 2.0 RFCs
OAuth related standards supported by the Curity Identity Server.
Best Practices - OAuth for Mobile Apps
This article demos best practices for using the OAuth for mobile applications.
Best Practices - OAuth for Single Page Applications
Secure Single Page Applications using OAuth
Pushed Authorization Requests (PAR)
What is PAR, and how does it help improve security for financial-grade APIs?
Mutual TLS Sender Constrained Access Tokens
Add another security layer by requiring proof of possession.
Mutual TLS Client Authentication
Authenticating a client using certificates.
OAuth Revoke Flow
The OAuth Revoke Flow Explained.
OAuth Refresh
The OAuth Refresh Flow Explained.
OAuth Device Flow
The OAuth Device Flow Explained.
OAuth Resource Owner Password Credentials Flow
The OAuth Resource Owner Password Credentials Flow Explained.
OAuth Client Credentials Flow
The OAuth Client Credentials Flow Explained.
OIDC Hybrid Flow
The OpenID Connect Hybrid Flow Explained.
OAuth Implicit Flow
The OAuth Implicit Flow Explained.
Demonstration of Proof-of-Possession overview
What is DPoP and how it improves the security for public clients.
OAuth Code Flow
The OAuth Code Flow Explained.
Proof Key for Code Exchange Overview
An overview of how the Proof Key for Code Exchange should be used.
Videos
OAuth 2.0 is the industry-standard protocol for authorization and access delegation. It specifies a process for resource owners to authorize third-part access to their resources without sharing their credentials. OAuth facilitates fast and secure authentication and authorization for users to APIs, servers, devices and apps. It does this without sharing password information and instead uses access tokens to prove an identity, keeping user credentials safe.