In this session, we'll look at OAuth, focusing on OAuth 2, from the perspective of an application that consumes an OAuth-secured API as well as see how to use OAuth to secure your own APIs.

Web security is nothing new. As users of the web, we're all accustomed to entering our usernames and fumbling to recall our passwords when trying to access private data on one of the many online services we use. But while traditionally web security could be described as a two-party process between a web application and a user, the modern web involves applications that seek to access other applications on behalf of their users. This presents some new challenges in keeping a user's sensitive data secure while still allowing a the third party application to access it.

OAuth is an open standard for authorization, supported by many online services, that allows one application to access a user's data in another application, all while giving the user control of what information is shared.