The OAuth community is dedicated to helping provide information on the proper use of the OAuth protocols through a series of articles on different topics.
No one should use the implicit grant any longer! That’s what the IETF’s OAuth working group, the authority for official OAuth specifications, recommends in the upcoming OAuth 2.0 Security Best Current Practice RFC. The decision was made during the IETF meeting this week in Bangkok.
OAuth 2.0 from the Command Line describes a technique for building a command line OAuth client.
What is the OAuth 2.0 Password Grant Type? describes the password grant and its most common use cases.
What is the OAuth 2.0 Implicit Grant Type? describes the implicit flow and its most common use cases.
What is the OAuth 2.0 Authorization Code Grant Type? describes the authorization code flow and its most common use cases.
OAuth 2 Simplified describes OAuth 2.0 in a simplified format to help developers and service providers implement the protocol. An expanded version of this article is also available as a book.
A Guide to OAuth 2.0 Grants describes each of the OAuth grants and use cases for each.
While OAuth is not an authentication protocol on its own, there are a number of high-profile authentication protocols built with OAuth 2.0. This article seeks to expose common pitfalls and demonstrate how to do end user authentication using OAuth 2.0 in a secure and reliable manner.