Api security with o auth2
•Transferir como PPTX, PDF•
1 gostou•361 visualizações
Slide deck for vBrownBag Nov 22
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (10)
Semelhante a Api security with o auth2
Semelhante a Api security with o auth2 (20)
Mais de Anthony Chow
Mais de Anthony Chow (14)
Último
Último (20)
Api security with o auth2
- 2. Different kinds of APIs https://ffeathers.wordpress.com/2014/02/16/api-types/
- 3. REST API Security Best Practice OWASP - Open Web Application Security Project https://www.owasp.org/index.php/REST_Security_ Cheat_Sheet https://dzone.com/articles/top-5-rest-api-security- guidelines
- 5. OAuth2 “Open Authentication” (??) Authorization delegation An authorization framework Defined by RFC 6749 and 6750 OAuth 1 is defined by RFC 5849 OAuth 1 and OAuth 2 are not compatible
- 6. Oauth2 Actors Image source: https://www.linkedin.com/pulse/microservices-security-openid-connect-manish-singh/
- 7. OAuth2 Flows (grants) image source: https://www.slideshare.net/rcandidosilva/javaone-2014-securing-restful-resources-with-oauth2
- 8. OAuth2 Authorization Grants Different ways of getting a token Authorization code, Implicit grant, Resource owner password credentials and Client credentials Which OAuth 2.0 flow should I use?
- 9. OAuth2 Tokens Access Token Refresh Token
- 10. OAuth2 simplified view Image source: https://www.hivemq.com/wp-content/uploads/oauth-simple.png
- 11. OpenID Connect (OIDC) Image source: https://developer.okta.com/standards/OIDC/index
- 12. OpenID Connect vs OAuth2 Image source: https://www.slideshare.net/vladimirdzhuvinov/openid-connectexplained
- 13. JSON Web Token (JWT) Image source: www.youtube.com
- 14. OAuth2 + OIDC + JWT Image source: http://kasunpanorama.blogspot.com/2015/11/microservices-in-practice.html
- 15. Resources for API Security Auth0: https://auth0.com/ Mulesoft: https://www.mulesoft.com/ Ory: https://www.ory.am/index.html Stormpath (now Okta): https://www.okta.com/ Nordic APIs: https://nordicapis.com/ Amazon Cognito: https://aws.amazon.com/cognito/
- 16. Resources for JSON Web Token https://auth0.com/learn/json-web-tokens/ https://jwt.io/introduction/ https://scotch.io/tutorials/the-anatomy-of-a-json- web-token https://auth0.com/e-books/jwt-handbook
- 17. Resource for OAuth2 RFC 6749 - https://tools.ietf.org/html/rfc6749 RFC 6750 - https://tools.ietf.org/html/rfc6750 https://auth0.com/docs/protocols/oauth2 https://developers.google.com/oauthplayground/