Book “OAuth 2.0 Identity and Access Management Patterns” is available

I’m proud to announce that the first book I authored, OAuth 2.0 Identity and Access Management Patterns, is out and available for purchase.


OAuth 2 is a protocol I had been working with at my day job on several occasions, so the practical experience and previous research done on this topic were very useful (just to note, I have been working with OpenID and Persona as well).

When the team at Packt Publishing contacted me, I was happy to author a book on this topic.

 What is the book about?

First, a short intro to OAuth. We use OAuth every day. For example, I want my Foursquare check-ins to be automatically posted on Facebook, so I go into Foursquare and choose to add a Facebook account. I am then redirected to Facebook, which asks me whether I want to approve the application request (I say yes or no), and then I am redirected back to Foursquare. In this final step, if the decision was yes, Foursquare gets a unique ‘token’ for my Facebook user, and with that token it can post status updates in my name.

So OAuth basically specifies how this authorization protocol should work and which data is exchanged in the background between the servers and applications. OAuth 2 is in use by all the ‘big players’: Google, Amazon, Facebook, LinkedIn, and so on. So, as for the question of whether it is a hot topic: it may not be the hottest topic at the moment, but it’s a pretty important one.

The book (in short): it covers how to implement OAuth 2 in all types of applications (web, client-side, desktop, mobile), explains the protocol in detail, and outlines security precautions that should be taken into consideration, all together with code examples.

 But, aren’t there already books on OAuth 2?

Yes there are. What is different about this book:

 What do I get as a reader?

Key features of this book are:

 On which information is the book based?

When writing the book I did extensive research on RFC documents that deal with OAuth 2, these are the main ones:


If you read the book and have a comment or an opinion, let me know! If you found something that you think can be improved in the book, go to Packt’s book page and submit errata in the Support section. Thanks!

