OAuth tutorial - OAuth with apigateway - OAuth2 tutorial - OAuth authentication
Implementing an OAuth Server
Find a server library that is already written:
A short list is available here: http://oauth.net/2/
Read the spec of your chosen draft, in its entirety.
These people didn’t write the spec for you to ignore it.
Each word is chosen carefully.
Ultimately, each implementation is somewhat different, since in many cases the spec says SHOULD and leaves the choice up to
Understand the security implications of the implementation choices you make.
Choose which grant types you want to support
- Authorization Code – for traditional web apps
- Implicit – for browser-based apps and mobile apps
- Password – for your own website or mobile apps
- Client Credentials – if applications can access resources on
- Choose whether to support Bearer tokens, MAC or both
- Define appropriate scopes for your service
- Source code available on Github
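As an added example, not code from the slides or their author, the following minimal token endpoint shows how the choices listed above (which grant types to accept, bearer tokens only, and a fixed set of scopes per client) become enforcement points. The client registry, authorization codes, user credentials and token lifetime are constructed sample data; the implicit grant is omitted because it is handled at the authorization endpoint rather than the token endpoint.

```python
# Added example, not from the original slides: a minimal OAuth 2.0 token
# endpoint enforcing the choices the slides list (supported grant types,
# bearer tokens only, scope validation). All registries are constructed data.
import hmac
import secrets

SUPPORTED_GRANTS = {"authorization_code", "password", "client_credentials"}
TOKEN_LIFETIME = 3600  # seconds; an assumed value

# Constructed client registry: client_id -> (secret, scopes it may hold)
CLIENTS = {"web-app": ("s3cret", {"read", "write"}),
           "cron-job": ("j0b", {"read"})}
# Constructed issued authorization codes: code -> (client_id, bound scope)
CODES = {"abc123": ("web-app", {"read"})}
# Constructed resource-owner credentials for the password grant
USERS = {"alice": "correct horse"}


def error(code):
    return {"error": code}  # RFC 6749 section 5.2 error response


def authenticate_client(params):
    client = CLIENTS.get(params.get("client_id"))
    # constant-time compare so the secret is not leaked through timing
    if client and hmac.compare_digest(client[0], params.get("client_secret", "")):
        return client
    return None


def handle_token_request(params):
    grant = params.get("grant_type")
    if grant not in SUPPORTED_GRANTS:
        return error("unsupported_grant_type")
    client = authenticate_client(params)
    if client is None:
        return error("invalid_client")
    # default to everything the client is registered for; never exceed it
    requested = set(params.get("scope", "").split()) or set(client[1])
    if not requested <= client[1]:
        return error("invalid_scope")
    if grant == "authorization_code":
        entry = CODES.pop(params.get("code"), None)  # codes are single use
        if entry is None or entry[0] != params.get("client_id"):
            return error("invalid_grant")
        requested &= entry[1]  # cannot widen the scope bound to the code
    elif grant == "password":
        pw = USERS.get(params.get("username"))
        if pw is None or not hmac.compare_digest(pw, params.get("password", "")):
            return error("invalid_grant")
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "expires_in": TOKEN_LIFETIME, "scope": " ".join(sorted(requested))}
```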