Abstract
Modern applications are often designed around APIs. APIs let applications reuse logic and build on services provided by others. Because APIs expose valuable data or operations, they usually need to restrict access to authorized callers, so an application needs authorization before it can call an API. When an application wants to call an API on a user's behalf, to access resources the user owns, it also needs the user's consent. In the past, users often had to share their credentials with the application to enable such calls. That gave the application far more access than it needed, and made it responsible for safeguarding the credential as well. In this chapter, we will cover how the OAuth 2.0 framework provides a better solution for authorizing applications to call APIs.
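The delegated-authorization model the abstract contrasts with credential sharing, as an added example that is not part of the chapter: a minimal in-process simulation of the OAuth 2.0 authorization code grant (RFC 6749, section 4.1) with an authorization server, a client and a resource server. The client id `photo-app`, its secret, the endpoint URLs, the user `alice` and the `calendar:read`/`calendar:write` scopes are hypothetical. The user authenticates at the authorization server (by a method OAuth leaves unspecified, as the chapter's notes say), the application never sees the password, the authorization code is bound to the client and redirect URI and can be redeemed once, and the access token carries only the scope the user actually consented to.

```python
# Added example, not from the chapter: in-process simulation of the OAuth 2.0
# authorization code grant (RFC 6749 sec. 4.1). All names and URLs are hypothetical.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlparse, parse_qs


def _query(url):
    """Flatten a URL's query string into a dict of single values."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


@dataclass
class AuthorizationServer:
    clients: dict            # client_id -> (client_secret, registered redirect_uri)
    users: dict              # username -> password; only the AS ever holds this
    _codes: dict = field(default_factory=dict)
    _tokens: dict = field(default_factory=dict)

    def authorize(self, auth_request_url, username, password, consented_scopes):
        """Authorization endpoint: validate the client's request, authenticate the
        resource owner (OAuth leaves the method unspecified), record what the user
        consented to, and redirect back with a single-use authorization code."""
        q = _query(auth_request_url)
        if q.get("response_type") != "code":
            raise ValueError("unsupported_response_type")
        _, registered_redirect = self.clients[q["client_id"]]
        if q.get("redirect_uri") != registered_redirect:   # never send a code to an unregistered URI
            raise ValueError("invalid redirect_uri")
        if not hmac.compare_digest(self.users.get(username, ""), password):
            raise PermissionError("authentication failed")
        granted = set(q.get("scope", "").split()) & set(consented_scopes)  # user may grant a subset
        code = secrets.token_urlsafe(16)
        self._codes[code] = {"client_id": q["client_id"], "redirect_uri": q["redirect_uri"],
                             "user": username, "scope": granted, "used": False}
        return registered_redirect + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, grant_type, code, redirect_uri, client_id, client_secret):
        """Token endpoint: authenticate the client, then redeem the code exactly once,
        and only for the client and redirect_uri it was issued to."""
        if grant_type != "authorization_code":
            raise ValueError("unsupported_grant_type")
        secret, _ = self.clients.get(client_id, ("", None))
        if not secret or not hmac.compare_digest(secret, client_secret):
            raise PermissionError("invalid_client")
        rec = self._codes.get(code)
        if (rec is None or rec["used"] or rec["client_id"] != client_id
                or rec["redirect_uri"] != redirect_uri):
            raise PermissionError("invalid_grant")
        rec["used"] = True
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = {"user": rec["user"], "scope": rec["scope"]}
        return {"access_token": access_token, "token_type": "Bearer",
                "scope": " ".join(sorted(rec["scope"]))}

    def introspect(self, access_token):
        """What the resource server asks the AS (cf. RFC 7662) to validate a bearer token."""
        return self._tokens.get(access_token)


# --- Client side ------------------------------------------------------------
def build_authorization_request(client_id, redirect_uri, scope):
    """Step 1: send the user's browser to the AS; `state` ties the callback to this request."""
    state = secrets.token_urlsafe(8)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return "https://as.example/authorize?" + urlencode(params), state


def handle_callback(callback_url, expected_state):
    """Step 2: accept the code only if `state` matches (blocks CSRF on the callback)."""
    q = _query(callback_url)
    if not hmac.compare_digest(q.get("state", ""), expected_state):
        raise PermissionError("state mismatch")
    return q["code"]


# --- Resource server --------------------------------------------------------
def read_calendar(auth_server, access_token, calendars):
    """API call: honour the token only if it carries the scope this endpoint needs."""
    info = auth_server.introspect(access_token)
    if info is None or "calendar:read" not in info["scope"]:
        raise PermissionError("insufficient_scope")
    return calendars[info["user"]]


def run_flow():
    """Drive the whole exchange with constructed data; returns what a test can check."""
    auth = AuthorizationServer(clients={"photo-app": ("app-secret", "https://app.example/cb")},
                               users={"alice": "correct horse battery staple"})
    calendars = {"alice": ["09:00 standup"]}        # constructed resource-server data
    url, state = build_authorization_request("photo-app", "https://app.example/cb",
                                             "calendar:read calendar:write")
    # Alice logs in at the AS and consents to read access only; the app never sees her password.
    callback = auth.authorize(url, "alice", "correct horse battery staple", ["calendar:read"])
    code = handle_callback(callback, state)
    tok = auth.token("authorization_code", code, "https://app.example/cb", "photo-app", "app-secret")
    events = read_calendar(auth, tok["access_token"], calendars)
    try:                                             # a captured code cannot be replayed
        auth.token("authorization_code", code, "https://app.example/cb", "photo-app", "app-secret")
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return tok["scope"], events, replay_rejected


if __name__ == "__main__":
    print(run_flow())                                # ('calendar:read', ['09:00 standup'], True)
```

The point to take from the run is what the application ends up holding: a bearer token scoped to `calendar:read`, not Alice's password and not the `calendar:write` permission it asked for. Everything that would make the token dangerous if stolen (unregistered redirect targets, code replay, missing `state`) is rejected by the checks on the server and client sides.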
Notes
1. The mechanism by which a user is authenticated to provide consent is outside the OAuth 2.0 specification. It is shown in the diagram (steps 3 and 4) to show where it occurs in the sequence.
2. The parameters for all of the examples may vary somewhat for your specific provider. See also the OAuth 2.0 specification for additional optional parameters.
3. The mechanism by which a user is authenticated to provide consent is outside the OAuth 2.0 specification. It is shown in the diagram (steps 3 and 4) to show where it occurs in the sequence.
4.
5. The mechanism by which the application obtains the user credentials is outside the OAuth 2.0 specification. It is shown in the diagram (steps 2 and 3) to provide a more complete picture of the solution.
Copyright information
© 2019 Yvonne Wilson, Abhishek Hingnikar
About this chapter
Cite this chapter
Wilson, Y., Hingnikar, A. (2019). OAuth 2.0 and API Authorization. In: Solving Identity Management in Modern Applications. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5095-2_5
DOI: https://doi.org/10.1007/978-1-4842-5095-2_5
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-5094-5
Online ISBN: 978-1-4842-5095-2
eBook Packages: Professional and Applied Computing, Professional and Applied Computing (R0), Apress Access Books