OAuth 2.0
Explore OAuth 2.0. What is it and how can you best implement it?
Articles
Demonstration of Proof-of-Possession overview
What is DPoP and how it improves the security for public clients.
OIDC Hybrid Flow
The OpenID Connect Hybrid Flow Explained.
Best Practices - OAuth for Mobile Apps
This article demos best practices for using the OAuth for mobile applications.
Best Practices - OAuth for SPAs
Secure Single Page Applications using OAuth
Mutual TLS Sender Constrained Access Tokens
Add another security layer by requiring proof of possession.
Mutual TLS Client Authentication
Authenticating a client using certificates.
Proof Key for Code Exchange
An overview of how the Proof Key for Code Exchange should be used.
OAuth Revoke Flow
The OAuth Revoke Flow Explained.
OAuth Refresh
The OAuth Refresh Flow Explained.
OAuth Device Flow
The OAuth Device Flow Explained.
OAuth Code Flow
The OAuth Code Flow Explained.
OAuth Implicit Flow
The OAuth Implicit Flow Explained.
OAuth Client Credentials Flow
The OAuth Client Credentials Flow Explained.
OAuth Resource Owner Password Credentials Flow
The OAuth Resource Owner Password Credentials Flow Explained.
Supported OAuth 2.0 RFCs
OAuth related standards supported by the Curity Identity Server.
Videos
Using Custom Token Issuers in the Curity Identity Server
Developer How-to's
OAuth Tokens As Your Identity API
Live presentations
Scalable API Security Using OAuth
Live presentations
Financial Grade APIs Using OAuth and OpenID Connect
Live presentations
Securing APIs in a Cloud Native Environment Using OAuth
Live presentations
Securing APIs and Microservices with OAuth and OpenID Connect
Live presentations
REST API Overview with Integration of CLI & UI
Developer How-to's
OAuth 2.0 is the industry-standard protocol for authorization and access delegation. It specifies a process for resource owners to authorize third-part access to their resources without sharing their credentials. OAuth facilitates fast and secure authentication and authorization for users to APIs, servers, devices and apps. It does this without sharing password information and instead uses access tokens to prove an identity, keeping user credentials safe.