Protecting your API with OAuth
OAuth is a well-known standard and is useful for delegating authentication and authorization decisions to a central identity provider. Doing so allows your application to ignore the authentication and authorization process and allows the identity provider to focus on what it does best: finding out if a user is who they say they are and figuring out what authorization level that user has. As a developer writing an API, you have a token when a grant completes. But what happens then? This talk will discuss the client-side and server-side code and logic needed when calling an API after you have an access token. This will include how to store a token in the API client, how to refresh a token using the refresh grant, and what your API code should examine when presented with a token.
Prerequisites
It would be helpful if attendees have built an API or know how to do so.
Takeaways
- You'll learn what to do when you get an access token to secure your API.