This whitepaper explains the main aspects of OAuth and OpenID Connect that every API provider needs to know. It briefly explains how these fit into an API provider’s broader security program, and their place in the “Neo-security Stack,” a modern suite of protocols that organizations should be using to deliver safe data access via APIs. It explains the proper and improper uses of OAuth, and provides easy-to-understand examples of key concepts like scopes, tokens, profiles, and method of exchanging tokens. After reading this whitepaper, you will have the requisite knowledge needed to begin protecting APIs with OAuth and OpenID Connect.
OAuth 2 and OpenID Connect are fundamental to securing your APIs. To protect the data that your services expose, you will need these protocols. They are complicated though, and it is easy to get lost in the hundreds of pages that make up these specifications. To find your way, read on to get a to get a good introduction to these important security standards!