Justin Richer

SE Radio 376: Justin Richer On API Security with OAuth 2

Justin Richer, lead author of the OAuth 2 In Action book and editor of the OAuth extensions RFC 7591, 7592, and 7662, discusses the key technical features of OAuth 2.0, the industry-standard protocol for authorization, and what makes it the best choice for authorizing access to API resources. Host Gavin Henry spoke with Richer about browser-based OAuth 2, types of tokens, OpenID Connect, PKCE, JSON Web Token pros and cons, where to store tokens, client secrets, single-page apps, mobile apps, current best practices, OAuth.XYZ, HEART, MITREid, token validation, dynamic client registration, the decision factors for choosing among the various types of authorization grants, and what is next for OAuth.

Show Notes

Related Links

SE Radio theme: “Broken Reality” by Kevin MacLeod (licensed under Creative Commons: By Attribution 3.0)
