Articles

In a traditional client-server authentication model, a resource owner shares their credentials with the client so that the client can access its resources when necessary. The client does that by passing the resource owner's credentials to the resource server, and the resource server validates the same before providing access to the protected resource(s). Simple, right?

Well, there are a bunch of problems associated with this model, a few of which are listed below:

Source of the article on DZONE

RingCentral APIs use OAuth 2.0 for authorization. But which grant flow is the best practice for client-side apps, such as desktop, mobile app, and web (Single Page Apps)? The answer to that is authorization code with Proof Key for Code Exchange. In this article, I will introduce and show you how to implement authorization code with PKCE flow in Single Page Apps.

Useful Links

  1. RingCentral APIs reference: Authorization in RingCentral APIs.
  2. IETF link: Proof Key for Code Exchange by OAuth Public Clients.

Authorization Code and Implicit Grant Flow

Authorization Code Grant Flow

We can get the full steps of authorization code grant flow in the following diagram. A third-party app will need the RingCentral client ID and client secret to exchange and refresh the access token. The third-party app will stay authorized if it refreshes the RingCentral access token before the refresh token has expired, and will get a new refresh token and access token when it refreshes.

Source of the article on DZONE

Different applications need different permissions. Although you might have a single resource server providing data to multiple apps, it's often the case that you don't want all users of application A to access application B.

In this tutorial, you'll learn how to use Okta and Spring Boot to implement SSO with two client applications and a single resource server. You'll also learn how to restrict access to the resource server based on app scopes and how to use access policies to enforce authentication and authorization rules.

Source of the article on DZONE

This week, the OAuth 2.0 Token Exchange got its RFC, and there is an upcoming webinar on JWT. In addition, we take a look at where to start with securing your APIs, and how 2020 seems to be shaping up according to analysts.

Standard: OAuth 2.0 Token Exchange

IETF has published the RFC 8693 for OAuth 2.0 Token Exchange.

Source of the article on DZONE

Imagine having an app where you can write and store your notes efficiently. Today, we are going to build an app that will keep track of your notes. We’ll use ASP.NET Core to build the app. We’ll also use .NET Core’s OAuth 2.0 authentication middleware to make sure the personal notes are kept secure.

My Private Notes App

As mentioned earlier, you'll use an ASP.NET app to build your note-keeping app. Here's how the app works: The home page will keep track of all your recent notes, and if you include more than three notes, the oldest will be shelved. Once we've built the app, you'll learn how to secure it with OAuth. Read this starter project from GitHub to get started.

Source of the article on DZONE