Articles

The OAuth community is dedicated to helping provide information on the proper use of the OAuth protocols through a series of articles on different topics.

The Complete List of OAuth 2 Grants

Ravgeet Dhillon
#oauth2

A complete list of all the various grants that have been standardized by the IETF, including standard ones like the Authorization Code Grant, and more unusual ones like the SAML 2.0 Bearer Grant.

Run Your Own Open Source OAuth2 and OpenID Connect Server!

Aeneas Rekkas
#oauth2 #guide #server #oidc

Set up a fully functional OAuth2 Server and OpenID Connect Provider using the open source ORY Hydra project in under 10 minutes.

Security of mobile OAuth 2.0

Nikita Stupin
#mobile

This article explains the concepts behind mobile OAuth 2.0 attacks and the security mechanisms used to prevent them.

What the Heck is Sign In with Apple?

Aaron Parecki
#apple #oidc

Sign In with Apple is based on OAuth 2.0 and OpenID Connect, and provides a privacy-friendly way for users to sign in to websites and apps.

Is the OAuth 2.0 Implicit Flow Dead?

Aaron Parecki
#implicit

What's changing with the OAuth Implicit Flow and why.

Add the OAuth 2.0 Device Flow to any OAuth Server

Aaron Parecki
#device

If you want to use the OAuth Device Flow but your server doesn't support it natively, you still have other options!

Why OAuth API Keys and Secrets Aren't Safe in Mobile Apps

Aaron Parecki
#mobile #secret

Here are several reasons it's not safe to use a client secret in mobile apps.

Why you should stop using the OAuth implicit grant!

Torsten Lodderstedt
#implicit

No one should use the implicit grant any longer! That’s what IETF’s OAuth working group, the authority for official OAuth specifications, recommends in the upcoming OAuth 2.0 Security Best Current Practice RFC. The decision was made during the IETF meeting this week in Bangkok.

OAuth 2.0 from the Command Line

Aaron Parecki
#command-line #cli

OAuth 2.0 from the Command Line describes a technique for building a command line OAuth client.

What is the OAuth 2.0 Password Grant Type?

Aaron Parecki
#password #grant-types

What is the OAuth 2.0 Password Grant Type? describes the password grant and its most common use cases.

What is the OAuth 2.0 Implicit Grant Type?

Aaron Parecki
#implicit #grant-types

What is the OAuth 2.0 Implicit Grant Type? describes the implicit flow and its most common use cases.

What is the OAuth 2.0 Authorization Code Grant Type?

Aaron Parecki
#authorization-code #grant-types

What is the OAuth 2.0 Authorization Code Grant Type? describes the authorization code flow and its most common use cases.

OAuth 2 Simplified

#oauth #guide

OAuth 2 Simplified describes OAuth 2.0 in a simplified format to help developers and service providers implement the protocol. An expanded version of this article is also available as a book.

A Guide to OAuth 2.0 Grants

#grant-types #guide

A Guide to OAuth 2.0 Grants describes each of the OAuth grants and use cases for each.

End User Authentication with OAuth 2.0

#authentication

While OAuth is not an authentication protocol on its own, there are a number of high-profile authentication protocols built with OAuth 2.0. This article seeks to expose common pitfalls and demonstrate how to do end user authentication using OAuth 2.0 in a secure and reliable manner.

What is the difference between OAuth1 and OAuth2?

#OAuth

What are the major differences between OAuth 1.0 and OAuth 2.0, and what are the motivations for choosing each one? This blog describes the major differences between the two protocols.

Getting Started with OAuth 2.0

#OAuth

Using this blog, one can easily understand the basic concepts of OAuth 2.0.