Articles

The OAuth community is dedicated to helping provide information on the proper use of the OAuth protocols through a series of articles on different topics.

Is the OAuth 2.0 Implicit Flow Dead?

Aaron Parecki
#implicit

What's changing with the OAuth Implicit Flow and why.

Add the OAuth 2.0 Device Flow to any OAuth Server

Aaron Parecki
#device

If you want to use the OAuth Device Flow but your server doesn't support it natively, you still have other options!

Why OAuth API Keys and Secrets Aren't Safe in Mobile Apps

Aaron Parecki
#mobile #secret

Here are several reasons it's not safe to use a client secret in mobile apps.

Why you should stop using the OAuth implicit grant!

Torsten Lodderstedt
#implicit

No one should use the implicit grant any longer! That’s what the IETF’s OAuth working group, the authority for official OAuth specifications, recommends in the upcoming OAuth 2.0 Security Best Current Practice RFC. The decision was made during the IETF meeting this week in Bangkok.

OAuth 2.0 from the Command Line

Aaron Parecki
#command-line #cli

OAuth 2.0 from the Command Line describes a technique for building a command line OAuth client.

What is the OAuth 2.0 Password Grant Type?

Aaron Parecki
#password #grant-types

What is the OAuth 2.0 Password Grant Type? describes the password grant and its most common use cases.

What is the OAuth 2.0 Implicit Grant Type?

Aaron Parecki
#implicit #grant-types

What is the OAuth 2.0 Implicit Grant Type? describes the implicit flow and its most common use cases.

What is the OAuth 2.0 Authorization Code Grant Type?

Aaron Parecki
#authorization-code #grant-types

What is the OAuth 2.0 Authorization Code Grant Type? describes the authorization code flow and its most common use cases.

OAuth 2 Simplified

#oauth #guide

OAuth 2 Simplified describes OAuth 2.0 in a simplified format to help developers and service providers implement the protocol. An expanded version of this article is also available as a book.

A Guide to OAuth 2.0 Grants

#grant-types #guide

A Guide to OAuth 2.0 Grants describes each of the OAuth grants and use cases for each.

End User Authentication with OAuth 2.0

#authentication

While OAuth is not an authentication protocol on its own, there are a number of high-profile authentication protocols built with OAuth 2.0. This article seeks to expose common pitfalls and demonstrate how to do end user authentication using OAuth 2.0 in a secure and reliable manner.