The Secrets of OAuth 2.0 Part 1/2 • Aaron Parecki & Eric Johnson • GOTO 2020
About this talk
This interview was recorded for the GOTO Book Club. http://gotopia.tech/bookclub

Aaron Parecki - Author of "OAuth 2.0 Simplified" @aaronpk
Eric Johnson - Senior Developer Advocate at AWS Serverless

PART 2: https://youtu.be/mb4JzsBBglg

DESCRIPTION
The OAuth 2.0 authorization framework has become the industry standard in providing secure access to web APIs. It allows users to grant external applications access to their data, such as profile data, photos, and email, without compromising security. OAuth 2.0 Simplified is a guide to building an OAuth 2.0 server. Through high-level overviews, step-by-step instructions, and real-world examples, you will learn how to take advantage of the OAuth 2.0 framework while building a secure API.

The interview is based on Aaron Parecki's new book "OAuth 2.0 Simplified": https://amzn.to/2A3IMOf

TIMECODES
00:00 Series intro
00:48 Episode intro
01:09 The history of OAuth
03:15 Differences between OAuth 1 & 2
09:28 Differences between AuthN & AuthZ
15:06 Who is the target audience for this book?
16:28 Do you recommend building your own OAuth server?
19:34 What's a grant type and how does it work?
23:30 Advantages of short access & long refresh token periods
26:47 What is PKCE grant type in OAuth & how to use it
31:14 Key takeaways from the book
33:13 Outro

Read the full transcription of the interview here: https://gotopia.tech/bookclub/episodes/the-secrets-of-oauth-2

RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • https://amzn.to/2U8iLY2