Articles

The OAuth community is dedicated to helping provide information on the proper use of the OAuth protocols through a series of articles on different topics.

Why you should stop using the OAuth implicit grant!

Torsten Lodderstedt
#implicit

No one should any longer use the implicit grant! That’s what IETF’s OAuth working group, the authority for official OAuth specifications, recommends in the upcoming OAuth 2.0 Security Best Current Practice RFC. The decision was met during the IETF meeting this week in Bangkok.

OAuth 2.0 from the Command Line

Aaron Parecki
#command-line #cli

OAuth 2.0 from the Command Line describes a technique for building a command line OAuth client.

What is the OAuth 2.0 Password Grant Type?

Aaron Parecki
#password #grant-types

What is the OAuth 2.0 Password Grant Type? describes the password grant and its most common use cases.

What is the OAuth 2.0 Implicit Grant Type?

Aaron Parecki
#implicit #grant-types

What is the OAuth 2.0 Implicit Grant Type? describes the implicit flow and its most common use cases.

What is the OAuth 2.0 Authorization Code Grant Type?

Aaron Parecki
#authorization-code #grant-types

What is the OAuth 2.0 Authorization Code Grant Type? describes the authorization code flow and its most common use cases.

OAuth 2 Simplified

#oauth #guide

OAuth 2 Simplified describes OAuth 2.0 in a simplified format to help developers and service providers implement the protocol. An expanded version of this article is also available as a book.

A Guide to OAuth 2.0 Grants

#grant-types #guide

A Guide to OAuth 2.0 Grants describes each of the OAuth grants and use cases for each.

End User Authentication with OAuth 2.0

#authentication

While OAuth is not an authentication protocol on its own, there are a number of high-profile authentication protocols built with OAuth 2.0. This article seeks to expose common pitfalls and demonstrate how to do end user authentication using OAuth 2.0 in a secure and reliable manner.