Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE

CHAPTER 9

OAuth 2.0 Profiles

OAuth 2.0 is a framework for delegated authorization. It doesn’t address all specific enterprise API security use cases. The OAuth 2.0 profiles built on top of the core framework work to build a security ecosystem to make OAuth 2.0 ready for enterprise grade deployments. OAuth 2.0 introduced two extension points via grant types and token types. The profiles for OAuth 2.0 are built on top of this extensibility. This chapter talks about four key OAuth 2.0 profiles for token introspection, chained API invocation, dynamic client registration, and token revocation.

Token Introspection Profile

OAuth 2.0 doesn’t define a ...

Get Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE by

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly