GOTO - For Developers, By Developers

The Secrets of Advanced OAuth 2.0 • Aaron Parecki & Eric Johnson • GOTO 2020

March 25, 2021 Aaron Parecki, Eric Johnson & GOTO Season 1 Episode 4
Chapters
0:00 Intro
0:55 The history of OAuth
2:22 Differences between OAuth 1 & 2
8:23 Differences between AuthN & AuthZ
13:38 Who is the target audience for this book?
14:59 Do you recommend building your own OAuth server?
17:53 What's a grant type and how does it work?
21:38 Advantages of short access & long refresh token periods
24:43 What is PKCE grant type in OAuth & how to use it
28:58 Why is verifying the redirect URL important?
31:33 What does the STATE property do?
34:59 Security considerations as a user & server administrator
44:21 Key takeaways from the book
45:45 Outro

This interview was recorded for the GOTO Book Club.
http://gotopia.tech/bookclub

Aaron Parecki - Author of "OAuth 2.0 Simplified"
Eric Johnson - Senior Developer Advocate at AWS Serverless

DESCRIPTION
The OAuth 2.0 authorization framework has become the industry standard in providing secure access to web APIs. It allows users to grant external applications access to their data, such as profile data, photos, and email, without compromising security. OAuth 2.0 Simplified is a guide to building an OAuth 2.0 server. Through high-level overviews, step-by-step instructions, and real-world examples, you will learn how to take advantage of the OAuth 2.0 framework while building a secure API.
The interview is based on Aaron Parecki's new book "OAuth 2.0 Simplified": https://amzn.to/2A3IMOf

Read the full transcription of the interview here:
https://gotopia.tech/bookclub/episodes/the-secrets-of-oauth-2

RECOMMENDED BOOK
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf

https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.facebook.com/GOTOConferences

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at http://gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted almost daily.
https://www.youtube.com/GotoConferences
