Kevin Bowersox

Reputation: 94429

OAuth 2.0 for REST API

I have spent the past three days researching OAuth 2.0 and I understood how OAuth can be used to interact with a service provided by a heavyweight such as Google or Facebook. However, I'm struggling to see how someone without a team of tech wizards (aka Me) goes about protecting their API with the protocol.

I have a number of questions and was wondering if someone with some experience can help me.

Here goes nothing...

  1. Is there a clear cut leader in terms of an OAuth Authorization Server implementation (Java)? If yes, is there any good resource out there to teach me how to use it?

It's my understanding that I would need to either build an authorization server or leverage a library to dish out client secrets/tokens.

  2. Should I even be thinking about a library or should I be building my own implementation?

  3. Is OAuth still relevant? From what I can see, it seems like the hype around the technology has leveled off or diminished since 2010. I also saw an article where the spec lead disassociated himself from the protocol.

I appreciate any advice or help; I can't find many resources on this topic that address it clearly (tons of PowerPoints, no code). There seems to be a bunch of talk about how it works, yet no book or article can give a solid tutorial. The documentation for the providers I have found is also very spotty at best. I'm just really starting to question whether this is a legitimate undertaking for someone looking to protect their own simple API. Thanks ahead of time.

Upvotes: 0

Views: 249

Answers (1)

Hans Z.

Reputation: 53888

Take a look at the Libraries on the OpenID Connect developer pages here: http://openid.net/developers/libraries/

  1. I don't think there's a clear cut leading Java implementation yet
  2. I would not recommend implementing the Authorization Server part on your own, that is the complex part and details matter because this is about security; the client part is easier and should be possible to build even without a library
  3. OAuth is very relevant as it is the only standard out there for securing REST APIs; the hype is over, and now it is common technology; just take a look at all big vendors/SaaS out there, they all use it (starting with Google, Microsoft, Facebook, Twitter etc.)

Upvotes: 1
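
To make the answer's second point concrete, here is an added sketch (not code from either poster) of the client side of the authorization code grant with PKCE (RFC 7636), using only the JDK. The endpoint, client ID and redirect URI are placeholder assumptions, and the choice of this grant is also an assumption, since the thread names none.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.stream.Collectors;

public class OAuthClientSketch {
    // Assumed placeholders; real values come from your authorization server's registration.
    static final String AUTHZ_ENDPOINT = "https://auth.example.com/authorize";
    static final String CLIENT_ID = "demo-client";
    static final String REDIRECT_URI = "https://app.example.com/callback";
    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // 32 random bytes -> 43 base64url chars: usable as both state and PKCE code_verifier.
    static String randomToken() {
        byte[] b = new byte[32];
        new SecureRandom().nextBytes(b);
        return B64URL.encodeToString(b);
    }
    // PKCE S256 (RFC 7636): code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))).
    static String s256(String verifier) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(d);
    }
    // application/x-www-form-urlencoded encoding (URLEncoder with a Charset needs Java 10+).
    static String form(Map<String, String> params) {
        return params.entrySet().stream()
            .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                    + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }
    // Reject the callback unless it echoes the state we issued (CSRF defence); constant-time compare.
    static boolean stateMatches(String issued, String returned) {
        return returned != null && MessageDigest.isEqual(
            issued.getBytes(StandardCharsets.UTF_8), returned.getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        String state = randomToken(), verifier = randomToken();
        Map<String, String> q = new LinkedHashMap<>();
        q.put("response_type", "code"); q.put("client_id", CLIENT_ID); q.put("redirect_uri", REDIRECT_URI);
        q.put("state", state); q.put("code_challenge", s256(verifier)); q.put("code_challenge_method", "S256");
        System.out.println("1. Redirect user to: " + AUTHZ_ENDPOINT + "?" + form(q));
        System.out.println("2. Mismatched state accepted? " + stateMatches(state, "state-from-another-session"));
        Map<String, String> t = new LinkedHashMap<>();   // "constructed-code" stands in for the real code
        t.put("grant_type", "authorization_code"); t.put("code", "constructed-code");
        t.put("redirect_uri", REDIRECT_URI); t.put("client_id", CLIENT_ID); t.put("code_verifier", verifier);
        System.out.println("3. POST to token endpoint: " + form(t));
    }
}
```

The state and code_verifier must be stored server-side or in the user's session between steps 1 and 3, and the token request must go over TLS to the token endpoint your authorization server documents.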
