Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/shyuan/awesome-oauth-oidc
Collect documentation related to OAuth 2.0 and OpenID Connect
https://github.com/shyuan/awesome-oauth-oidc
List: awesome-oauth-oidc
Last synced: 16 days ago
JSON representation
Collect documentation related to OAuth 2.0 and OpenID Connect
- Host: GitHub
- URL: https://github.com/shyuan/awesome-oauth-oidc
- Owner: shyuan
- License: mit
- Created: 2017-10-05T17:41:03.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2023-08-29T07:33:30.000Z (over 1 year ago)
- Last Synced: 2024-05-22T04:05:52.454Z (7 months ago)
- Homepage:
- Size: 33.2 KB
- Stars: 20
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- ultimate-awesome - awesome-oauth-oidc - Collect documentation related to OAuth 2.0 and OpenID Connect. (Other Lists / Monkey C Lists)
README
# Awesome OAuth 2.0 and OpenID Connect
## Site
* [OAuth on Wikipedia](https://en.wikipedia.org/wiki/OAuth)
* [OAuth.net by Okta](https://oauth.net/)
* [OAuth.com by Okta](https://www.oauth.com/)
* [OAuth Articles and Posts by Alex Bilbie](https://alexbilbie.com/tag/oauth/)
* [OpenID Connect](https://openid.net/connect/)## Specification
### Formal
* [The OAuth 2.0 Authorization Framework (RFC 6749)](https://tools.ietf.org/html/rfc6749)
* [The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)](https://tools.ietf.org/html/rfc6750)
* [OAuth 2.0 Threat Model and Security Considerations (RFC 6819)](https://tools.ietf.org/html/rfc6819)
* [OAuth 2.0 Token Revocation (RFC 7009)](https://tools.ietf.org/html/rfc7009)
* [JSON Web Signature (JWS) (RFC 7515)](https://tools.ietf.org/html/rfc7515)
* [JSON Web Encryption (JWE) (RFC 7516)](https://tools.ietf.org/html/rfc7516)
* [JSON Web Key (JWK) (RFC 7517)](https://tools.ietf.org/html/rfc7517)
* [JSON Web Algorithms (JWA) (RFC 7518)](https://tools.ietf.org/html/rfc7518)
* [JSON Web Token (JWT) (RFC 7519)](https://tools.ietf.org/html/rfc7519)
* [Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE) (RFC 7520)](https://tools.ietf.org/html/rfc7520)
* [Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7521)](https://tools.ietf.org/html/rfc7521)
* [SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7522)](https://tools.ietf.org/html/rfc7522)
* [JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (RFC 7523)](https://tools.ietf.org/html/rfc7523)
* [OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591)](https://tools.ietf.org/html/rfc7591)
* [OAuth 2.0 Dynamic Client Registration Management Protocol (RFC 7592)](https://tools.ietf.org/html/rfc7592)
* [Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)](https://tools.ietf.org/html/rfc7636)
* [OAuth 2.0 Token Introspection (RFC 7662)](https://tools.ietf.org/html/rfc7662)
* [JSON Web Signature (JWS) Unencoded Payload Option (RFC 7797)](https://tools.ietf.org/html/rfc7797)
* [Authentication Method Reference Values (RFC 8176)](https://tools.ietf.org/html/rfc8176)
* [OAuth 2.0 for Native Apps (RFC 8252)](https://tools.ietf.org/html/rfc8252)
* [OAuth 2.0 Authorization Server Metadata (RFC 8414)](https://tools.ietf.org/html/rfc8414)
* [OAuth 2.0 Device Authorization Grant (RFC 8628)](https://tools.ietf.org/html/rfc8628)
* [OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8705)](https://tools.ietf.org/html/rfc8705)
* [OAuth 2.0 Token Exchange (RFC 8693)](https://tools.ietf.org/html/rfc8693)
* [JSON Web Token Best Current Practices (RFC 8725)](https://tools.ietf.org/html/rfc8725)
* [The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request(JAR) (RFC 9101)](https://datatracker.ietf.org/doc/html/rfc9101)### Draft
#### Active
* [OAuth 2.0 Security Best Current Practice](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-23)
* [OAuth 2.0 for Browser-Based Apps](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps-14)
* [The OAuth 2.1 Authorization Framework](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-09)#### Expired & archived
* [Reciprocal OAuth (draft-ietf-oauth-reciprocal-04)](https://tools.ietf.org/html/draft-ietf-oauth-reciprocal-04)
* [OAuth 2.0 Token Binding (draft-ietf-oauth-token-binding-08)](https://tools.ietf.org/html/draft-ietf-oauth-token-binding-08)
* [OAuth 2.0 Incremental Authorization(draft-ietf-oauth-incremental-authz-04)](https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-04)## Article
* OAuth 2.0 系列文 by [Yucheng Chuang](https://twitter.com/yorkxin)
* [(1) 世界觀](http://blog.yorkxin.org/posts/2013/09/30/oauth2-1-introduction/)
* [(2) Client 的註冊與認證](http://blog.yorkxin.org/posts/2013/09/30/oauth2-2-cilent-registration/)
* [(3) Endpoints 的規格](http://blog.yorkxin.org/posts/2013/09/30/oauth2-3-endpoints/)
* [(4.1) Authorization Code Grant Flow 細節](https://blog.yorkxin.org/2013/09/30/oauth2-4-1-auth-code-grant-flow)
* [(4.2) Implicit Grant Flow 細節](https://blog.yorkxin.org/2013/09/30/oauth2-4-2-implicit-grant-flow)
* [(4.3) Resource Owner Credentials Grant Flow 細節](https://blog.yorkxin.org/2013/09/30/oauth2-4-3-resource-owner-credentials-grant-flow)
* [(4.4) Client Credentials Grant Flow 細節](https://blog.yorkxin.org/2013/09/30/oauth2-4-4-client-credentials-grant-flow)
* [(5) 核發與換發 Access Token](https://blog.yorkxin.org/2013/09/30/oauth2-5-issuing-tokens)
* [(6) Bearer Token 的使用方法](https://blog.yorkxin.org/2013/09/30/oauth2-6-bearer-token)
* [(7) 安全性問題](https://blog.yorkxin.org/2013/09/30/oauth2-7-security-considerations)
* [各大網站 OAuth 2.0 實作差異](https://blog.yorkxin.org/2013/09/30/oauth2-implementation-differences-among-famous-sites)
* [OAuth 2 Simplified by Aaron Parecki](https://aaronparecki.com/oauth-2-simplified/)
* [理解OAuth 2.0 by 阮一峰](http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html)
* [帮你深入理解OAuth2.0协议](http://blog.csdn.net/seccloud/article/details/8192707)## Book
* [OAuth 2 in Action](https://www.manning.com/books/oauth-2-in-action)
* [Getting Started with OAuth 2.0 - Programming Clients for Secure Web API Authorization and Authentication](http://shop.oreilly.com/product/0636920021810.do)
* [Identity and Data Security for Web Development - Best Practices](http://shop.oreilly.com/product/0636920044376.do)
* [OAuth 2.0 – Getting Started in Web-API Security](https://api-university.com/books/oauth-2-0-book/)## Playground
* [OAUTH.TOOLS](https://oauth.tools/)
* [Google OAuth 2.0 Playground](https://developers.google.com/oauthplayground/)## X
* https://twitter.com/alexxubyte/status/1696180531266715815