https://github.com/shyuan/awesome-oauth-oidc

Collect documentation related to OAuth 2.0 and OpenID Connect

List: awesome-oauth-oidc

Last synced: 3 months ago

# Awesome OAuth 2.0 and OpenID Connect

## Site
* [OAuth on Wikipedia](https://en.wikipedia.org/wiki/OAuth)
* [OAuth.net by Okta](https://oauth.net/)
* [OAuth.com by Okta](https://www.oauth.com/)
* [OAuth Articles and Posts by Alex Bilbie](https://alexbilbie.com/tag/oauth/)
* [OpenID Connect](https://openid.net/connect/)

## Specification

### Formal
* [The OAuth 2.0 Authorization Framework (RFC 6749)](https://tools.ietf.org/html/rfc6749)
* [The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)](https://tools.ietf.org/html/rfc6750)
* [OAuth 2.0 Threat Model and Security Considerations (RFC 6819)](https://tools.ietf.org/html/rfc6819)
* [OAuth 2.0 Token Revocation (RFC 7009)](https://tools.ietf.org/html/rfc7009)
* [JSON Web Signature (JWS) (RFC 7515)](https://tools.ietf.org/html/rfc7515)
* [JSON Web Encryption (JWE) (RFC 7516)](https://tools.ietf.org/html/rfc7516)
* [JSON Web Key (JWK) (RFC 7517)](https://tools.ietf.org/html/rfc7517)
* [JSON Web Algorithms (JWA) (RFC 7518)](https://tools.ietf.org/html/rfc7518)
* [JSON Web Token (JWT) (RFC 7519)](https://tools.ietf.org/html/rfc7519)
* [Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE) (RFC 7520)](https://tools.ietf.org/html/rfc7520)
* [Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521)](https://tools.ietf.org/html/rfc7521)
* [SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7522)](https://tools.ietf.org/html/rfc7522)
* [JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523)](https://tools.ietf.org/html/rfc7523)
* [OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591)](https://tools.ietf.org/html/rfc7591)
* [OAuth 2.0 Dynamic Client Registration Management Protocol (RFC 7592)](https://tools.ietf.org/html/rfc7592)
* [Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)](https://tools.ietf.org/html/rfc7636)
* [OAuth 2.0 Token Introspection (RFC 7662)](https://tools.ietf.org/html/rfc7662)
* [JSON Web Signature (JWS) Unencoded Payload Option (RFC 7797)](https://tools.ietf.org/html/rfc7797)
* [Authentication Method Reference Values (RFC 8176)](https://tools.ietf.org/html/rfc8176)
* [OAuth 2.0 for Native Apps (RFC 8252)](https://tools.ietf.org/html/rfc8252)
* [OAuth 2.0 Authorization Server Metadata (RFC 8414)](https://tools.ietf.org/html/rfc8414)
* [OAuth 2.0 Device Authorization Grant (RFC 8628)](https://tools.ietf.org/html/rfc8628)
* [OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8705)](https://tools.ietf.org/html/rfc8705)
* [OAuth 2.0 Token Exchange (RFC 8693)](https://tools.ietf.org/html/rfc8693)
* [JSON Web Token Best Current Practices (RFC 8725)](https://tools.ietf.org/html/rfc8725)
* [The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) (RFC 9101)](https://datatracker.ietf.org/doc/html/rfc9101)

### Draft
#### Active
* [OAuth 2.0 Security Best Current Practice](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-23)
* [OAuth 2.0 for Browser-Based Apps](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps-14)
* [The OAuth 2.1 Authorization Framework](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-09)

#### Expired & archived
* [Reciprocal OAuth (draft-ietf-oauth-reciprocal-04)](https://tools.ietf.org/html/draft-ietf-oauth-reciprocal-04)
* [OAuth 2.0 Token Binding (draft-ietf-oauth-token-binding-08)](https://tools.ietf.org/html/draft-ietf-oauth-token-binding-08)
* [OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz-04)](https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-04)

## Article
* OAuth 2.0 article series by [Yucheng Chuang](https://twitter.com/yorkxin)
  * [(1) Worldview](http://blog.yorkxin.org/posts/2013/09/30/oauth2-1-introduction/)
  * [(2) Client Registration and Authentication](http://blog.yorkxin.org/posts/2013/09/30/oauth2-2-cilent-registration/)
  * [(3) Endpoint Specifications](http://blog.yorkxin.org/posts/2013/09/30/oauth2-3-endpoints/)
  * [(4.1) Authorization Code Grant Flow Details](https://blog.yorkxin.org/2013/09/30/oauth2-4-1-auth-code-grant-flow)
  * [(4.2) Implicit Grant Flow Details](https://blog.yorkxin.org/2013/09/30/oauth2-4-2-implicit-grant-flow)
  * [(4.3) Resource Owner Credentials Grant Flow Details](https://blog.yorkxin.org/2013/09/30/oauth2-4-3-resource-owner-credentials-grant-flow)
  * [(4.4) Client Credentials Grant Flow Details](https://blog.yorkxin.org/2013/09/30/oauth2-4-4-client-credentials-grant-flow)
  * [(5) Issuing and Refreshing Access Tokens](https://blog.yorkxin.org/2013/09/30/oauth2-5-issuing-tokens)
  * [(6) How to Use Bearer Tokens](https://blog.yorkxin.org/2013/09/30/oauth2-6-bearer-token)
  * [(7) Security Considerations](https://blog.yorkxin.org/2013/09/30/oauth2-7-security-considerations)
  * [OAuth 2.0 Implementation Differences Among Major Sites](https://blog.yorkxin.org/2013/09/30/oauth2-implementation-differences-among-famous-sites)
* [OAuth 2 Simplified by Aaron Parecki](https://aaronparecki.com/oauth-2-simplified/)
* [Understanding OAuth 2.0 by 阮一峰 (Ruan Yifeng)](http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html)
* [Helping You Understand the OAuth 2.0 Protocol in Depth](http://blog.csdn.net/seccloud/article/details/8192707)

## Book
* [OAuth 2 in Action](https://www.manning.com/books/oauth-2-in-action)
* [Getting Started with OAuth 2.0 - Programming Clients for Secure Web API Authorization and Authentication](http://shop.oreilly.com/product/0636920021810.do)
* [Identity and Data Security for Web Development - Best Practices](http://shop.oreilly.com/product/0636920044376.do)
* [OAuth 2.0 – Getting Started in Web-API Security](https://api-university.com/books/oauth-2-0-book/)

## Playground
* [OAUTH.TOOLS](https://oauth.tools/)
* [Google OAuth 2.0 Playground](https://developers.google.com/oauthplayground/)

## X
* https://twitter.com/alexxubyte/status/1696180531266715815