OAuth 2.0 Basics
OAuth 2.0 authentication flows and grant types.
OAuth 2.0 Roles
# Resource Owner
User who owns the data
# Client
Application requesting access
# Authorization Server
Issues access tokens
# Resource Server
Hosts protected resources
Authorization Code Flow
# Step 1: Authorization request
GET /authorize?response_type=code&client_id=CLIENT_ID
# Step 2: User grants permission
User logs in and authorizes
# Step 3: Authorization code returned
CALLBACK?code=AUTH_CODE
# Step 4: Exchange code for token
POST /token with code and client_secret
Grant Types
# Authorization Code
Most secure, for server-side apps
grant_type=authorization_code
# Client Credentials
Machine-to-machine
grant_type=client_credentials
# Refresh Token
Get new access token
grant_type=refresh_token
Token Response
# Response format
{
"access_token": "xyz123",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "abc789"
}
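The four steps of the Authorization Code flow and the token response above, carried through end to end as an added example (not code from the original page or from any OAuth library). The client side builds the Step 1 URL, checks the Step 3 callback, and performs the Step 4 exchange; a minimal in-memory `AuthorizationServer` stands in for the real server so the flow runs offline. It goes slightly beyond the page by adding the `state` parameter (the CSRF check defined in RFC 6749) and by treating the code as single-use and short-lived, both standard server-side checks; the client id, secret, redirect URI and host names are constructed placeholders.

```python
"""Authorization Code flow, client side plus a toy authorization server.
Added example, not from any OAuth library. CLIENT_ID, CLIENT_SECRET,
REDIRECT_URI and AUTH_SERVER are constructed placeholders."""
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

CLIENT_ID = "example-client"                      # placeholder
CLIENT_SECRET = "example-secret"                  # placeholder; keep real secrets out of code
REDIRECT_URI = "https://client.example/callback"  # placeholder
AUTH_SERVER = "https://auth.example"              # placeholder


class AuthorizationServer:
    """In-memory stand-in for /authorize and /token (Steps 2-4)."""

    def __init__(self):
        self._codes = {}    # code -> (client_id, redirect_uri, issued_at)
        self._refresh = {}  # refresh_token -> client_id

    def authorize(self, query: dict) -> str:
        """Steps 2-3: user has logged in and consented; mint a one-time code
        and return the redirect URL (CALLBACK?code=...&state=...)."""
        if query.get("response_type") != "code" or query.get("client_id") != CLIENT_ID:
            raise ValueError("invalid_request")
        code = secrets.token_urlsafe(32)
        self._codes[code] = (query["client_id"], query["redirect_uri"], time.time())
        return f"{query['redirect_uri']}?{urlencode({'code': code, 'state': query['state']})}"

    def token(self, form: dict) -> dict:
        """Step 4 (back channel): authenticate the client, validate the grant, issue tokens."""
        if form.get("client_id") != CLIENT_ID or form.get("client_secret") != CLIENT_SECRET:
            raise PermissionError("invalid_client")
        grant = form.get("grant_type")
        if grant == "authorization_code":
            entry = self._codes.pop(form.get("code"), None)   # pop: the code is single-use
            if entry is None:
                raise PermissionError("invalid_grant")
            client_id, redirect_uri, issued_at = entry
            # The code is bound to the client and redirect_uri it was issued for, and expires quickly
            if client_id != CLIENT_ID or redirect_uri != form.get("redirect_uri") \
                    or time.time() - issued_at > 60:
                raise PermissionError("invalid_grant")
        elif grant == "refresh_token":
            if self._refresh.pop(form.get("refresh_token"), None) != CLIENT_ID:
                raise PermissionError("invalid_grant")
        elif grant != "client_credentials":
            raise ValueError("unsupported_grant_type")
        response = {"access_token": secrets.token_urlsafe(32),
                    "token_type": "Bearer", "expires_in": 3600}
        if grant != "client_credentials":       # machine-to-machine clients get no refresh token
            response["refresh_token"] = secrets.token_urlsafe(32)
            self._refresh[response["refresh_token"]] = CLIENT_ID
        return response


def build_authorization_url(state: str) -> str:
    """Step 1: the URL the client redirects the user's browser to."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state}
    return f"{AUTH_SERVER}/authorize?{urlencode(params)}"


def handle_callback(callback_url: str, expected_state: str) -> str:
    """Step 3: extract the code, rejecting a callback whose state was not ours."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise PermissionError("state mismatch: callback not tied to our session")
    if "code" not in qs:
        raise ValueError(qs.get("error", ["missing code"])[0])
    return qs["code"][0]


def parse_token_response(body: dict, now: float) -> dict:
    """expires_in is relative seconds; store an absolute expiry the client can compare against."""
    if body.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"access_token": body["access_token"],
            "expires_at": now + int(body["expires_in"]),
            "refresh_token": body.get("refresh_token")}


def run_flow(server: AuthorizationServer, now: float = None) -> dict:
    """Drive Steps 1-4 against the toy server and return the parsed token."""
    now = time.time() if now is None else now
    state = secrets.token_urlsafe(16)
    auth_url = build_authorization_url(state)
    query = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
    callback = server.authorize(query)            # browser follows auth_url, gets redirected back
    code = handle_callback(callback, state)
    body = server.token({"grant_type": "authorization_code", "code": code,
                         "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                         "client_secret": CLIENT_SECRET})
    return parse_token_response(body, now)


if __name__ == "__main__":
    print(run_flow(AuthorizationServer()))
```

The `state` value is generated per login attempt and compared on the callback before the code is used; the server pops each code on first use so a replayed Step 4 request fails with `invalid_grant`.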