OAuth is a protocol that combines authentication and authorization. With the release of OAuth 2.0, it has become the industry-standard mechanism for identity management. Using scopes with JWT, access management can be achieved with OAuth, heightening security while also granting user permissions. OAuth has different flows that typically involve sharing tokens between various entities. For more, read our related articles.

Related articles

APIs Will Usher in a Future of Connected Energy

Smart is the buzzword of this decade. There are smartphones, smartwatches, and even smart TVs… but there’s still a lot of things that aren’t smart. Take energy — why can’t we measure our usage habits, charge home batteries during off-peak times, or produce our own energy to share with neighbors when they need it? These…


What is The Role of Identity in API Security?

What options do APIs and microservices have when it comes to authentication and authorization? What is the role of identity in API security? In our last LiveCast, we sought to discover best practices for handling identity within API security. We featured two illuminating lightning talks; one from David Garney of Tyk and another from Travis Spencer of…


8 Vital OAuth Flows and Powers

Daniel Lindau of Curity provides an overview of important OAuth flows and abilities. The API space requires authorization in order to secure data – this is a given in the modern era. Accordingly, implementing the correct authorization system is vitally important, perhaps even more important than the API it is meant to handle authorization for….


Assisted Token Flow: The Answer to OAuth Integration in Single Page Applications

OAuth is an incredibly popular internet standard for granting apps and web services access to the information available on other websites. Though the implementation is complex, the premise is simple: you tell a website you want to access its data, you log in with the user’s details, and off you go — but without some…


Using OAuth Device Flow For UI-Incapable Devices

As the internet grows and devices become interconnected, authorization is becoming more and more complex. Early implementations of on services were easy to authorize against since they were tied to desktops, but modern authorization must consider varying environments, from mobile apps to IoT scenarios. Many of our new devices, such as smart TVs and…


High-Grade API Security For Banks

Financial institutions occupy a special zone for APIs largely because of how stringent the regulatory compliance rulesets are. The data that financial institutions leverage are protected wiy by a variety of regulatory ordinances, and as such, this data has to be stringently controlled, secured, and managed – hence why high-grade API security is such a…
