OAuth 2.0 Servers
  • OAuth.com
    • Background
    • Getting Ready
    • Accessing Data in an OAuth Server
      • Create an Application
      • Setting up the Environment
      • Authorization Request
      • Obtaining an Access Token
      • Making API Requests
    • Signing in with Google
      • Create an Application
      • Setting up the Environment
      • Authorization Request
      • Getting an ID Token
      • Verifying the User Info
    • Server-Side Apps
      • Authorization Code Grant
      • Example Flow
      • Possible Errors
      • User Experience and Security Considerations
    • Single-Page Apps
      • Authorization
      • Example Flow
      • Implicit Flow for Single-Page Apps
      • Security Considerations for Single-Page Apps
    • Mobile and Native Apps
      • Authorization
      • Security Considerations
    • Making Authenticated Requests
      • Refresh Tokens
    • Client Registration
      • Registering a New Application
      • The Client ID and Secret
      • Deleting Applications and Revoking Secrets
    • Authorization
      • The Authorization Request
      • Requiring User Login
      • The Authorization Interface
      • The Authorization Response
      • Security Considerations
    • Scope
      • Defining Scopes
      • User Interface
      • Checkboxes
    • Redirect URLs
      • Redirect URL Registration
      • Redirect URLs for Native Apps
      • Redirect URL Validation
    • Access Tokens
      • Authorization Code Request
      • Password Grant
      • Client Credentials
      • Access Token Response
      • Self-Encoded Access Tokens
      • Access Token Lifetime
      • Refreshing Access Tokens
    • Listing Authorizations
      • Revoking Access
    • The Resource Server
    • OAuth for Native Apps
      • Use a System Browser
      • Redirect URLs for Native Apps
      • PKCE Extension
      • Checklist for Server Support for Native Apps
    • OAuth for Browserless and Input-Constrained Devices
      • User Flow
      • Authorization Request
      • Token Request
      • Authorization Server Requirements
      • Security Considerations
    • Protecting Apps with PKCE
      • Authorization Request
      • Authorization Code Exchange
    • Token Introspection Endpoint
    • Creating Documentation
    • Terminology Reference
    • Differences Between OAuth 1 and 2
      • Authentication and Signatures
      • User Experience and Alternative Token Issuance Options
      • Performance at Scale
      • Bearer Tokens
      • Short-lived tokens with Long-lived authorizations
      • Separation of Roles
    • OpenID Connect
      • Authorization vs Authentication
      • Building an Authentication Framework
      • ID Tokens
      • Summary
    • IndieAuth
      • Discovery
      • IndieAuth Sign-In Workflow
      • IndieAuth Authorization Workflow
    • Map of OAuth 2.0 Specs
    • Tools and Libraries
    • Appendix

OAuth.com is brought to you by the team at Okta.