OAuth 2.0 Simplified by Aaron Parecki is a guide to building an OAuth 2.0 server. Through high-level overviews, step-by-step instructions, and real-world examples, you will learn how to take advantage of the OAuth 2.0 framework while building a secure API.
Whether you’re a software architect, application developer, project manager, or a casual programmer, this book will introduce you to the concepts of OAuth 2.0 and demonstrate what is required when building a server.
This book is currently available from Lulu.com and Amazon, and on Kindle.
The Little Book of OAuth 2.0 RFCs by Aaron Parecki is a collection of the core RFCs you'll need to read in order to fully implement an OAuth 2.0 client or service. This book is a reproduction of all the RFCs relating to OAuth, everything from OAuth core RFC6749 to the latest Security Best Current Practice. Each RFC is prefaced by a short introduction to set the context for why it's important to the space.
You can purchase a paperback copy on Amazon, or download the PDF for free.
OAuth 2 in Action by Justin Richer and Antonio Sanso covers the OAuth 2 protocol in depth, providing hands-on exercises for building clients, authorization servers, and protected resources in various configurations. The book covers the structure and components of an OAuth 2 system, common vulnerabilities and mitigations, and several protocols that are built on and around OAuth 2. Exercises are included that walk through building an entire OAuth 2.0 ecosystem.
This book is currently available from Manning, Amazon, and wherever technical books are sold.
Mastering OAuth 2.0 by Charles Bihis provides an in-depth view of the OAuth 2.0 protocol from a client perspective. With a focus on practicality and security, this book explores the various ways in which a client can integrate with an OAuth 2.0 service provider, discussing caveats and best practices along the way.
This book focuses on the client integration side of the OAuth 2.0 protocol and is ideal for client and application developers looking to integrate with OAuth 2.0 service providers in the most secure and effective way.
API Security in Action by Neil Madden covers use of OAuth 2 to protect REST APIs, and related technologies such as JSON Web Tokens. Security enhancements including combining OAuth 2 with mutual TLS authentication are covered, along with the latest security best practices. Detailed patterns are presented for using OAuth 2 with Kubernetes and for resource-constrained IoT (Internet of Things) environments.
OAuth 2.0 Cookbook by Adolfo Eloy Nascimento provides useful recipes for solving real-life problems using Spring Security and creating Android applications.
The book starts by showing you how to interact with some public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. Readers will also be able to implement their own OAuth 2.0 provider with Spring Security OAuth2. Next, the book covers practical scenarios involving some important OAuth 2.0 profiles such as Dynamic Client Registration and Token Introspection, and how to revoke issued access tokens. Readers will then be introduced to the usage of JWT, OpenID Connect, and how to safely implement native mobile OAuth 2.0 clients.