Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE

CHAPTER 4

Mutual Authentication with TLS

Transport Layer Security (TLS) mutual authentication, also known as client authentication or two-way Secure Socket Layer (SSL), is part of the TLS handshake process. In one-way TLS, only the server proves its identity to the client; this is mostly used in e-commerce to win consumer confidence by guaranteeing the legitimacy of the e-commerce vendor. In contrast, mutual authentication authenticates both parties—the client and the server.

Evolution of TLS

TLS has its roots in SSL. Netscape Communications introduced SSL in 1994 to build a secured channel between the Netscape browser and the web server it connects ...

Get Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE by

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly