How to protect an API with OAuth

OAuth is a well-known standard for delegating authentication and authorization decisions to a central identity provider. Doing so allows your application to ignore the authentication and authorization process and allows the identity provider to focus on what it does best: finding out if a user is who they say they are and figuring out the authorization level that user has.

As a developer writing an API, you have a token when a grant completes.

But what happens then? This talk will discuss client and server-side code and logic needed when calling an API after you have an access token. This will include how to store a token in the API client, refresh a token using the refresh grant, and what your API code should examine when presented with a token.

Presented by Dan Moore, Head of Developer Relations at FusionAuth.