OAuth is fast becoming the most widely recognized standard for access control with REST and Web APIs. And OAuth 2.0 – the latest version of the protocol – is impressively rich, with many grant types addressing many use cases (two-legged, three-legged, with or without redirection, etc.).
I recently launched a series of video tutorials in which I provide practical instructions on using OAuth with Layer 7’s SecureSpan and CloudSpan Gateways. Layer 7’s OAuth 2.0 template implementation provides a standards-compliant OAuth solution into which you integrate your API, identity providers, API keys and so forth.
The Layer 7 OAuth Toolkit also includes client applications for testing each grant type defined by the specification. This is very similar to what Google provides with the Google OAuth Playground. You can test the OAuth handshake and test calling an API using the access token provided by the handshake. You can also test token revocation and token refresh.
Embedded below, the first tutorial in the series – Incorporate an Existing API & Identity Provider – shows how our template allows you to leverage existing resources in an OAuth deployment. Over the coming weeks I’ll be posting all the tutorials in the series. In the meantime, for more information on how our Gateways enable OAuth, download the OAuth Toolkit data sheet.
OAuth 2.0 with Layer 7 Gateways, Tutorial 1: Incorporate an Existing API & Identity Provider