OAuth 2.0 cookbook: protect your web applications using Spring Security
Efficiently integrate OAuth 2.0 to protect your mobile, desktop, Cloud applications and APIs using Spring Security technologies. About This Book Interact with public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. Use Spring Security and Spring Security OAuth2 to implement your own O...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Birmingham, England ; Mumbai, [India] : Packt Publishing 2017. |
Edition: | 1st edition |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630391106719 |
Table of Contents:
- Cover
- Title Page
- Copyright
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Table of Contents
- Preface
- Chapter 1: OAuth 2.0 Foundations
- Introduction
- Preparing the environment
- Getting ready
- How to do it...
- See also
- How it works...
- There's more...
- See also
- Reading the user's contacts from Facebook on the client side
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Reading the user's contacts from Facebook on the server side
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Accessing OAuth 2.0 LinkedIn protected resources
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Accessing OAuth 2.0 Google protected resources bound to the user's session
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 2: Implementing Your Own OAuth 2.0 Provider
- Introduction
- Protecting resources using the Authorization Code grant type
- Getting ready
- How to do it...
- How it works...
- There's more...
- Supporting the Implicit grant type
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using the Resource Owner Password Credentials grant type as an approach for OAuth 2.0 migration
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Configuring the Client Credentials grant type
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Adding support for refresh tokens
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using a relational database to store tokens and client details
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using Redis as a token store
- Getting ready
- How to do it...
- How it works...
- See also
- Implementing client registration
- Getting ready
- How to do it...
- How it works...
- See also
- Breaking the OAuth 2.0 Provider in the middle
- Getting ready
- How to do it...
- How it works...
- See also
- Using Gatling to load test the token validation process using shared databases
- Getting ready
- How to do it...
- How it works...
- See also
- Chapter 3: Using OAuth 2.0 Protected APIs
- Introduction
- Creating an OAuth 2.0 client using the Authorization Code grant type
- Getting ready
- How to do it...
- How it works...
- Creating an OAuth 2.0 client using the Implicit grant type
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating an OAuth 2.0 client using the Resource Owner Password Credentials grant type
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating an OAuth 2.0 client using the Client Credentials grant type
- Getting ready
- How to do it...
- How it works...
- See also
- Managing refresh tokens on the client side
- Getting ready
- How to do it...
- How it works...
- See also
- Accessing an OAuth 2.0 protected API with RestTemplate
- Getting ready
- How to do it...
- How it works...
- See also
- Chapter 4: OAuth 2.0 Profiles
- Introduction
- Revoking issued tokens
- Getting ready
- How to do it...
- How it works...
- Remote validation using token introspection
- Getting ready
- How to do it...
- How it works...
- There's more...
- Improving performance using cache for remote validation
- Getting ready
- How to do it...
- How it works...
- See also
- Using Gatling to load test remote token validation
- Getting ready
- How to do it...
- There's more...
- See also
- Dynamic client registration
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 5: Self Contained Tokens with JWT
- Introduction
- Generating access tokens as JWT
- Getting ready
- How to do it...
- How it works...
- See also
- Validating JWT tokens at the Resource Server side
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Adding custom claims on JWT
- Getting ready
- How to do it...
- How it works...
- See also
- Asymmetric signing of a JWT token
- Getting ready
- How to do it...
- How it works...
- See also
- Validating asymmetric signed JWT token
- Getting ready
- How to do it...
- How it works...
- See also
- Using JWE to cryptographically protect JWT tokens
- Getting ready
- How to do it...
- How it works...
- See also
- Using JWE at the Resource Server side
- Getting ready
- How to do it...
- How it works...
- See also
- Using proof-of-possession key semantics on OAuth 2.0 Provider
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using proof-of-possession key on the client side
- Getting ready
- How to do it...
- How it works...
- See also
- Chapter 6: OpenID Connect for Authentication
- Introduction
- Authenticating Google's users through Google OpenID Connect
- Getting ready
- How to do it...
- How it works...
- See also
- Obtaining user information from Identity Provider
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using Facebook to authenticate users
- Getting ready
- How to do it...
- How it works...
- See also
- Using Google OpenID Connect with Spring Security 5
- Getting ready
- How to do it...
- How it works...
- See also
- Using Microsoft and Google OpenID providers together with Spring Security 5
- Getting ready
- How to do it...
- How it works...
- Chapter 7: Implementing Mobile Clients
- Introduction
- Preparing an Android development environment
- Getting ready
- How to do it...
- How it works...
- Creating an Android OAuth 2.0 client using an Authorization Code with the system browser
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Creating an Android OAuth 2.0 client using the Implicit grant type with the system browser
- Getting ready
- How to do it...
- How it works...
- See also
- Creating an Android OAuth 2.0 client using the embedded browser
- Getting ready
- How to do it...
- How it works...
- See also
- Using the Password grant type for client apps provided by the OAuth 2 server
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Protecting an Android client with PKCE
- Getting ready
- How to do it...
- How it works...
- See also
- Using dynamic client registration with mobile applications
- Getting ready
- How to do it...
- How it works...
- See also
- Chapter 8: Avoiding Common Vulnerabilities
- Introduction
- Validating the Resource Server audience
- Getting ready
- How to do it...
- How it works...
- Protecting Resource Server with scope validation
- Getting ready
- How to do it...
- How it works...
- Binding scopes with user roles to protect user's resources
- Getting ready
- How to do it...
- How it works...
- See also
- Protecting the client against Authorization Code injection
- Getting ready
- How to do it...
- How it works...
- Protecting the Authorization Server from invalid redirection
- Getting ready
- How to do it...
- How it works...
- Index