OAuth-related standards supported by the Curity Identity Server.
What is PAR, and how does it help improve security for financial-grade APIs?
Protecting APIs with strong security by requiring clients to authenticate using JWT client assertions
Mutual TLS Sender Constrained Tokens add another security layer and mitigate the risk of misuse of tokens.
What is Mutual TLS, and how does Client Authentication with Mutual TLS work?
The OAuth Revoke Flow Explained.
The OAuth Refresh Flow Explained.
The OAuth Device Flow Explained.
The OAuth Resource Owner Password Credentials Flow Explained.
The OAuth Client Credentials Flow Explained.
The OAuth Implicit Flow Explained.
What is Demonstration of Proof-of-Possession (DPoP), and how can it be used to improve the security of public clients?
The OAuth Code Flow Explained.
Learn how the Proof Key for Code Exchange (PKCE) should be used in the OAuth server.
OAuth has a flow called client credentials that comes in handy for requests to your APIs that do not involve a user. Using the Client Credentials flow, it is possible to let servers communicate with your API without modifying the APIs themselves.
Using the OAuth 2 Implicit Flow
This tutorial explains how to obtain an OAuth access token using the code flow, a popular message exchange pattern used by server-based applications. The guide includes step-by-step instructions for how to set it up and configure it in the Curity Identity Server.
This tutorial explains how to obtain an OAuth access token using the hybrid flow. The guide includes step-by-step instructions for how to set it up and configure it in the Curity Identity Server.
This tutorial explains how to issue Refresh Tokens in the Curity Identity Server, control their lifetime, include/exclude them for certain clients, and use them to get new access tokens
Learn how to revoke access and refresh tokens issued according to the OAuth standard
The OAuth 2.0 Device Authorization Grant solves the problem of authenticating a user on a device that does not have user-friendly input capabilities. Authentication instead takes place out-of-band on a different device.
This tutorial explains how to use the Resource Owner Password Credential Flow (ROPC) to obtain tokens from the Curity Identity Server
Handling user consent for claims
OAuth 2.0 is the industry-standard protocol for authorization and access delegation. It specifies a process for resource owners to authorize third-party access to their resources without sharing their credentials. OAuth facilitates fast and secure authentication and authorization for users to APIs, servers, devices and apps. It does this without sharing password information and instead uses access tokens to prove an identity, keeping user credentials safe.