Episode 376: Justin Richer On API Security with OAuth 2

Filed in Episodes on August 13, 2019

Justin Richer, lead author of the book OAuth 2 in Action and editor of the OAuth extensions RFC 7591, RFC 7592, and RFC 7662, discusses the key technical features of OAuth 2.0, the industry-standard authorization protocol, and what makes it the best choice for authorizing access to API resources. Host Gavin Henry spoke with Richer about browser-based OAuth 2, types of tokens, OpenID Connect, PKCE, the pros and cons of JSON Web Tokens and where to store them, client secrets, single-page apps, mobile apps, current best practices, OAuth.XYZ, HEART, MITREid, token validation, dynamic client registration, the factors that decide which type of authorization grant to use, and what is next for OAuth.
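PKCE (RFC 7636) is one of the current best practices the episode touches on for single-page and mobile apps, which cannot keep a client secret. The following is an added example written for these show notes, not code from the episode, from Justin Richer, or from any of the projects he discusses. It shows both halves of the mechanism: the client generates a random code_verifier and sends only its SHA-256 "S256" challenge with the authorization request, and the authorization server later checks the verifier presented at the token endpoint against the challenge it stored with the authorization code. The in-memory ToyAuthorizationServer class and the decision to accept only the S256 method are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Unreserved characters permitted in a code_verifier (RFC 7636, section 4.1).
_UNRESERVED = string.ascii_letters + string.digits + "-._~"


def _b64url(raw: bytes) -> str:
    """Base64url encoding without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(length: int = 64) -> str:
    """Client side: a high-entropy verifier of 43..128 unreserved characters."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be 43 to 128 characters long")
    return "".join(secrets.choice(_UNRESERVED) for _ in range(length))


def make_code_challenge(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def client_authorization_params(verifier: str) -> dict:
    """Parameters the client appends to the authorization request.

    Only the challenge leaves the client; the verifier stays in memory
    until the code is redeemed at the token endpoint.
    """
    return {
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }


def verify_pkce(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """Authorization-server side: does the presented verifier match the stored challenge?"""
    # Assumption for this example: the "plain" method is not accepted at all.
    if stored_method != "S256":
        return False
    # Reject malformed verifiers before hashing.
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if any(ch not in _UNRESERVED for ch in presented_verifier):
        return False
    expected = make_code_challenge(presented_verifier)
    # Constant-time comparison of the two base64url strings.
    return hmac.compare_digest(expected, stored_challenge)


class ToyAuthorizationServer:
    """Minimal in-memory model of the server side (constructed for this example).

    It remembers the challenge bound to each authorization code and makes
    every code single-use, whether or not the PKCE check succeeds.
    """

    def __init__(self) -> None:
        self._pending: dict = {}  # authorization code -> (challenge, method)

    def issue_code(self, code_challenge: str, code_challenge_method: str) -> str:
        code = secrets.token_urlsafe(24)
        self._pending[code] = (code_challenge, code_challenge_method)
        return code

    def redeem_code(self, code: str, code_verifier: str) -> bool:
        entry = self._pending.pop(code, None)  # consumed on first use
        if entry is None:
            return False
        challenge, method = entry
        return verify_pkce(challenge, method, code_verifier)


if __name__ == "__main__":
    verifier = make_code_verifier()
    server = ToyAuthorizationServer()
    params = client_authorization_params(verifier)
    code = server.issue_code(params["code_challenge"], params["code_challenge_method"])
    print("first redemption with correct verifier:", server.redeem_code(code, verifier))
    print("replay of the same code:", server.redeem_code(code, verifier))
```

The key defensive property is visible in redeem_code: an attacker who intercepts the authorization code (for example through a leaked redirect) still cannot exchange it without the verifier that never left the client, and the code is consumed on its first presentation so it cannot be replayed.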

SE Radio theme: “Broken Reality” by Kevin MacLeod (incompetech.com — Licensed under Creative Commons: By Attribution 3.0)
