GOTO - Today, Tomorrow and the Future

The Secrets of Advanced OAuth 2.0 • Aaron Parecki & Eric Johnson

March 25, 2021 | Aaron Parecki, Eric Johnson & GOTO | Season 1, Episode 4

This interview was recorded for the GOTO Book Club.
http://gotopia.tech/bookclub

Aaron Parecki - Author of "OAuth 2.0 Simplified"
Eric Johnson - Senior Developer Advocate at AWS Serverless

DESCRIPTION
The OAuth 2.0 authorization framework has become the industry standard in providing secure access to web APIs. It allows users to grant external applications access to their data, such as profile data, photos, and email, without compromising security. OAuth 2.0 Simplified is a guide to building an OAuth 2.0 server. Through high-level overviews, step-by-step instructions, and real-world examples, you will learn how to take advantage of the OAuth 2.0 framework while building a secure API.
The interview is based on Aaron Parecki's new book "OAuth 2.0 Simplified": https://amzn.to/2A3IMOf

Read the full transcription of the interview here:
https://gotopia.tech/bookclub/episodes/the-secrets-of-oauth-2

RECOMMENDED BOOK
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf

https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.facebook.com/GOTOConferences

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at http://gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted almost daily.
https://www.youtube.com/GotoConferences


CHAPTER MARKERS
Intro
The history of OAuth
Differences between OAuth 1 & 2
Differences between AuthN & AuthZ
Who is the target audience for this book?
Do you recommend building your own OAuth server?
What's a grant type and how does it work?
Advantages of short access & long refresh token periods
What is the PKCE grant type in OAuth & how to use it
Why is verifying the redirect URL important?
What does the STATE property do?
Security considerations as a user & server administrator
Key takeaways from the book
Outro