An Identity Layer for your APIs

What is the difference between OAuth 2 and OpenID Connect?
For API security there are two standards, and they both start with O. So it is no wonder that people ask all the time what the difference between the two is.

If you have read the OAuth 2 Book, you already know a lot about OAuth. The OAuth standard ensures that there is no unintended leakage of information about the resource owner to the client. For example, it ensures that the client does not get hold of the resource owner’s credentials. In this way, the OAuth standard ensures the privacy of the resource owner. However, there are cases where the client should be able to access specific profile information of the resource owner.

Usage Scenario
There are cases in which the client should be able to access specific profile information of the resource owner, for example the resource owner’s name or address. Of course, access to this information is only granted if the resource owner explicitly consents to delegating the respective access rights to the client.

The profile information about the resource owner is made accessible via APIs with a RESTful interface. OpenID Connect standardizes what such interfaces look like and how the data is structured and organized. OpenID Connect extends the authorization code flow, introduces new tokens and standardizes some endpoints. OpenID Connect is a solution that can be applied in many environments, on many devices and with many different products.

The API-University Series is a modular series of books on API-related topics. Each book focuses on a particular API topic, so you can select the API topics that are relevant to you.

Keywords: OpenID Connect, REST, API, JWT, Token, Identity, OAuth

Available December 2017.


About

Title: OpenID Connect – Identity Layer for your APIs
Author: Matthias Biehl
Release Date: 2017-12-30
Length: 90 pages
Language: English
ISBN-10: 1979718474
ISBN-13: 978-1979718479
Categories:
COMPUTERS > Security > Online Safety & Privacy
COMPUTERS > Web > Web Services & APIs