OAuth 2.0 has become the de facto standard for securing modern APIs. OAuth 2.0 itself does not protect your API, but it provides the framework to make consistent authorization decisions for different types of clients. Before you get there, however, you will have to figure out a lot of details. Do you use reference tokens or self-contained tokens? What is token introspection, and do you need it? How do you revoke tokens? How do you secure server-to-server API calls?
In this session, we guide you through making these decisions. You will learn about reference tokens and self-contained tokens, and their respective advantages and disadvantages. We dive into handling authorization with OAuth 2.0, using scopes and fine-grained permissions. We also dig deeper into using OAuth 2.0 to secure machine-to-machine communication between backend services. At the end of this session, you will have learned to tame the versatility of OAuth 2.0 to secure your APIs.