Mastering OAuth 2. 0 : (Record no. 103416)
000 -LEADER | |
---|---|
fixed length control field | 09803nam a22004693i 4500 |
001 - CONTROL NUMBER | |
control field | EBC4191352 |
003 - CONTROL NUMBER IDENTIFIER | |
control field | MiAaPQ |
005 - DATE AND TIME OF LATEST TRANSACTION | |
control field | 20240729130144.0 |
006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS | |
fixed length control field | m o d | |
007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION | |
fixed length control field | cr cnu|||||||| |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
fixed length control field | 240724s2015 xx o ||||0 eng d |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9781784392307 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
Canceled/invalid ISBN | 9781784395407 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (MiAaPQ)EBC4191352 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (Au-PeEL)EBL4191352 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (CaPaEBR)ebr11206657 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (CaONFJC)MIL880925 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (OCoLC)951064926 |
040 ## - CATALOGING SOURCE | |
Original cataloging agency | MiAaPQ |
Language of cataloging | eng |
Description conventions | rda |
-- | pn |
Transcribing agency | MiAaPQ |
Modifying agency | MiAaPQ |
050 #4 - LIBRARY OF CONGRESS CALL NUMBER | |
Classification number | QA76.76.A63.B545 2015eb |
082 0# - DEWEY DECIMAL CLASSIFICATION NUMBER | |
Classification number | 5.133 |
245 10 - TITLE STATEMENT | |
Title | Mastering OAuth 2. 0 : |
Remainder of title | Create Powerful Applications to Interact with Popular Service Providers Such As Facebook, Google, Twitter, and More by Leveraging the OAuth 2. 0 Authorization Framework. |
250 ## - EDITION STATEMENT | |
Edition statement | 1st ed. |
264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE | |
Place of production, publication, distribution, manufacture | Birmingham : |
Name of producer, publisher, distributor, manufacturer | Packt Publishing, Limited, |
Date of production, publication, distribution, manufacture, or copyright notice | 2015. |
264 #4 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE | |
Date of production, publication, distribution, manufacture, or copyright notice | ©2015. |
300 ## - PHYSICAL DESCRIPTION | |
Extent | 1 online resource (238 pages) |
336 ## - CONTENT TYPE | |
Content type term | text |
Content type code | txt |
Source | rdacontent |
337 ## - MEDIA TYPE | |
Media type term | computer |
Media type code | c |
Source | rdamedia |
338 ## - CARRIER TYPE | |
Carrier type term | online resource |
Carrier type code | cr |
Source | rdacarrier |
505 0# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Cover -- Copyright -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Table of Contents -- Preface -- Chapter 1: Why Should I Care About OAuth 2.0? -- Authentication versus authorization -- Authentication -- Authorization -- What problems does it solve? -- Federated identity -- Delegated authority -- Real-life examples of OAuth 2.0 in action -- How does OAuth 2.0 actually solve the problem? -- Without OAuth 2.0 - GoodApp wants to suggest contacts by looking at your Facebook friends -- With OAuth 2.0 - GoodApp wants to suggest contacts by looking at your Facebook friends -- Who uses OAuth 2.0? -- Introducing "The World's Most Interesting Infographic Generator -- Summary -- Chapter 2: A Bird's Eye View of OAuth 2.0 -- How does it work? -- User consent -- Two main flows for two main types of client -- Trusted versus untrusted clients -- First look at the client-side flow -- An untrusted client - GoodApp requests access for user's Facebook friends using implicit grant -- The big picture -- When should this be used? -- Pros and cons of being an untrusted client -- Pros -- Cons -- First look at the server-side flow -- A trusted client - GoodApp requests access for user's Facebook friends using authorization code grant -- The big picture -- When should this be used? -- Pros and cons of being a trusted client -- Pros -- Cons -- What are the differences? -- What about mobile? -- Summary -- Chapter 3: Four Easy Steps -- Let's get started -- Step 1 - Register your client application -- Different service providers, different registration process, same OAuth 2.0 protocol -- Your client credentials -- Step 2 - Get your access token -- A closer look at access tokens -- Scope -- Duration of access -- Token revocation -- Sometimes a refresh token -- Step 3 - Use your access token -- An access token is an access token. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Step 4 - Refresh your access token -- What if I don't have a refresh token? -- Refresh tokens expire too -- Putting it all together -- Summary -- Chapter 4: Register Your Application -- Recap of registration process -- Registering your application with Facebook -- Creating your application -- Setting your redirection endpoint -- What is a redirection endpoint? -- Find your service provider's authorization and token endpoints -- Putting it all together! -- Summary -- Chapter 5: Get an Access Token with the Client-Side Flow -- Refresher on the implicit grant flow -- A closer look at the implicit grant flow -- Authorization request -- According to the specification -- In our application -- Access token response -- Success -- Error -- Let's build it! -- Build the base application -- Install Apache Maven -- Create the project -- Configure base project to fit our application -- Modify the hosts file -- Running it for the first time -- Make the authorization request -- Handle the access token response -- Summary -- Reference pages -- Authorization request -- Access token response -- Error response -- Chapter 6: Get an Access Token with the Server-Side Flow -- Refresher on the authorization code grant flow -- A closer look at the authorization code grant flow -- Authorization request -- According to the specification -- In our application -- Authorization response -- Success -- Error -- Access token request -- According to the specification -- In our application -- Access token response -- Success -- Error -- Let's build it! -- Build the base application -- Install Apache Maven -- Create the project -- Configure the base project to fit our application -- Modify the hosts file -- Running it for the first time -- Make the authorization request -- Handle the authorization response -- Make the access token request -- Handle the access token response. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Summary -- Reference pages -- An overview of the authorization code grant flow -- Authorization request -- Authorization response -- Error response -- Access token request -- Access token response -- Error response -- Chapter 7: Use Your Access Token -- Refresher on access tokens -- Use your access token to make an API call -- The authorization request header field -- The form-encoded body parameter -- The URI query parameter -- Let's build it! -- In our client-side application -- Send via the URI query parameter -- Send via the form-encoded body parameter -- In our server-side application -- Send via the URI query parameter -- Send via the HTTP authorization header -- Creating the world's most interesting infographic -- Summary -- Reference pages -- An overview of protected resource access -- The authorization request header field -- The form-encoded body parameter -- The URI query parameter -- Chapter 8: Refresh Your Access Token -- A closer look at the refresh token flow -- The refresh request -- According to the specification -- The access token response -- Success -- Error -- What if I have no refresh token? Or my refresh token has expired? -- Comparison between the two methods -- The ideal workflow -- Summary -- Reference pages -- An overview of the refresh token flow -- The refresh request -- Access token response -- Error response -- Chapter 9: Security Considerations -- What's at stake? -- Security best practices -- Use TLS! -- Request minimal scopes -- When using the implicit grant flow, request read-only permissions -- Keep credentials and tokens out of reach of users -- Use the authorization code grant flow whenever possible -- Use the refresh token whenever possible -- Use native browsers instead of embedded browsers -- Do not use third-party scripts in the redirection endpoint -- Rotate your client credentials -- Common attacks. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Cross-site request forgery (CSRF) -- What's going on? -- Use the state param to combat CSRF -- Phishing -- Redirection URI manipulation -- Client and user impersonation -- Summary -- Chapter 10 : What About Mobile? -- What is a mobile application? -- What flow should we use for mobile applications? -- Are mobile applications trusted or untrusted? -- What about mobile applications built on top of mobile platforms with secure storage APIs? -- Not quite enough -- Hybrid architectures -- Implicit for mobile app, authorization code grant for backend server -- What is the benefit of this? -- Authorization via application instead of user-agent -- Summary -- Chapter 11: Tooling and Troubleshooting -- Tools -- Troubleshooting -- The implicit grant flow -- The authorization request -- The authorization code grant flow -- The authorization request -- The access token request -- The API call flow -- The authorization request header field -- The form-encoded body parameter -- The URI query parameter -- The refresh token flow -- Summary -- Chapter 12: Extensions to OAuth 2.0 -- Extensions to the OAuth 2.0 framework -- Custom grant types -- A variety of token types -- Any authorization backend -- OpenID Connect -- Summary -- Appendix A: Resource Owner Password Credentials Grant -- When should you use it? -- Reference pages -- An overview of the resource owner password credentials grant -- Authorization request and response -- Access token request -- Access token response -- Error response -- Appendix B: Client Credentials Grant -- When should you use it? -- Reference pages -- Overview of the client credentials grant -- Authorization request and response -- Access token request -- Access token response -- Error response -- Appendix C: Reference Specifications -- The OAuth 2 Authorization Framework -- The OAuth 2 Authorization Framework: Bearer Token Usage. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | OAuth 2.0 Token Revocation -- OAuth 2.0 Threat Model and Security Considerations -- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants -- Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants -- JSON Web Token (JWT) -- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants -- OpenID Connect Core 1.0 -- HTTP Authentication: Basic and Digest Access Authentication -- Index. |
588 ## - SOURCE OF DESCRIPTION NOTE | |
Source of description note | Description based on publisher supplied metadata and other sources. |
590 ## - LOCAL NOTE (RLIN) | |
Local note | Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name entry element | Application program interfaces (Computer software). |
655 #4 - INDEX TERM--GENRE/FORM | |
Genre/form data or focus term | Electronic books. |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Relationship information | Print version: |
Main entry heading | |
Title | Mastering OAuth 2. 0 |
Place, publisher, and date of publication | Birmingham : Packt Publishing, Limited,c2015 |
International Standard Book Number | 9781784395407 |
797 2# - LOCAL ADDED ENTRY--CORPORATE NAME (RLIN) | |
Corporate name or jurisdiction name as entry element | ProQuest (Firm) |
856 40 - ELECTRONIC LOCATION AND ACCESS | |
Uniform Resource Identifier | https://ebookcentral.proquest.com/lib/orpp/detail.action?docID=4191352 |
Public note | Click to View |