OAuth is a protocol that combines authentication and authorization. With the release of OAuth 2.0, it has become industry standard mechanism for identity management. Using scopes with JWT, access management can be achieved with OAuth, heightening security while also granting user permissions. OAuth has different flows that typically involve sharing tokens between various entities. For more, read our related articles.

Related articles

Assisted Token Flow: The Answer to OAuth Integration in Single Page Applications

OAuth is an incredibly popular internet standard for granting apps and web services access to the information available on other websites. Though the implementation is complex, the premise is simple: you tell a website you want to access its data, you log in with the user’s details, and off you go — but without some…

Read More

Using OAuth Device Flow For UI-Incapable Devices

As the internet grows and devices become interconnected, authorization is becoming and complex. Early implementations of on services were easy to authorize against since they were tied to desktops, but modern authorization must consider varying environments, from mobile apps to IoT scenarios. Many of our new devices, such as smart TVs and…

Read More

High-Grade API Security For Banks

Financial institutions occupy a special zone for APIs largely because of how stringent the regulatory compliance rulesets are. The data that financial institutions leverage are protected wiy by a variety of regulatory ordinances, and as such, this data has to be stringently controlled, secured, and managed – hence why high-grade API security is such a…

Read More

3 Common Methods of API Authentication Explained

APIs handle enormous amounts of data of a wiy varying type – accordingly, one of the chief concerns of any data provider is how specifically to secure this data. The idea that data should be secret, that it should be unchanged, and that it should be available for manipulation is key to any conversation on…

Read More

Why Can’t I Just Send JWTs Without OAuth?

A JSON Web Ten or JWT is an extremely powerful standard. It’s a signed JSON object; a compact ten format often exchanged in HTTP headers to encrypt web communications. Because of its power, JWTs can be found driving some of the largest modern API implementations. For many, the JWT represents a great solution that balances…

Read More

OAuth 2.0 – Why It’s Vital to IoT Security

In this article we’ll explain why OAuth 2.0 is vital to IoT security. The internet is fundamentally an unsafe place. For every service, every API, there are users who would nothing than to break through the various layers of security you’ve erected. This is no small concern, either — in the US alone,…

Read More