Matt Hathcock

Camp Counselor

Protecting your API with OAuth

Wednesday, July 27, 2022 - 9:00 PM UTC, for 1 hour.

Regular, 60 minute presentation

Room: F


OAuth is a well-known standard and is useful for delegating authentication and authorization decisions to a central identity provider. Doing so allows your application to ignore the authentication and authorization process and allows the identity provider to focus on what it does best: finding out if a user is who they say they are and figuring out what authorization level that user has. As a developer writing an API, you have a token when a grant completes. But what happens then? This talk will discuss the client- and server-side code and logic needed when calling an API after you have an access token. This will include how to store a token in the API client, how to refresh a token using the refresh grant, and what your API code should examine when presented with a token.


It would be helpful if attendees have built an API or know how to do so.

Takeaways

  • You'll learn what to do when you get an access token to secure your API.