Skip to main content

Posts

Showing posts from February, 2014

[Book review] OAuth 2.0 Identity and Access Management Patterns

I accepted to do a review of the newly published OAuth 2.0 Identity and Access Management Patterns by Martin Spasovski. He is a friend of mine so with impartiality in mind it would be fail enough of me to give this information beforehand.

OAuth is the most widely known and used authorization framework. There are many service providers like Facebook and Twitter making it easy to connect with millions of users. From the users perspective is significantly simpler than remember and managing different passwords which is easily manipulated. The book make nice introduction to integration of OAuth 2.0 on web applications, desktop and mobile. It also covers various flows and a server side implementation using SpringMVC. While the examples throughout the book are clean one part really caught my attention :
tokenEndpoint .concat("?grant_type=client_credentials") .concat("&client_id=").concat(clientId) .concat("&client_secret=").concat(clientSecret) …