Going Further
In this Getting Started book, we have given you an overview of how OAuth 2.0 works for obtaining authorized access to user data and why it is important to improve security and user productivity. As an application developer, you should now understand the different authorization flows available and how to decide between them when an API provider supports multiple flows. We’ve also introduced OpenID Connect, discussed how it builds on top of the OAuth 2.0 protocol to enable user authentication, and some of the different security properties of authentication versus authorization. We hope the protocol-level foundation provided by this book will make you a better developer, even if you end up using libraries that abstract many of the details.
As you use OAuth 2.0 in your application, there are additional considerations you should take into account to optimize user experience and performance. When getting access to a user’s data, you should explore how requests for different levels of access and the timing of those requests affect approval rates. When authenticating users with OpenID Connect, you should think about which identity providers to support, how you deal with users who have accounts on multiple identity providers, how to improve sign-in performance by decoding the id_token JWT, and other potential factors that could decrease customer service tickets.
We primarily focused on the perspective of acting as an OAuth client. Many application developers may wish to open ...