Online Courses
API Authentication

History

OAuth 1 - IETF standard 2010

Driven by Twitter and Google

Relied heavily on signing

Did not require HTTPS

Hard to implement clients

OAuth 2.0 IETF standard late 2012

Does not rely on signing

Requires HTTPS

Easy to implement clients

Currently wide adoption

OAuth 2.1 underway


Last updated 9 months ago