A book of two halves
Oct. 9th, 2023 08:50 pm
Book Review: OAuth 2 in Action, by Justin Richer and Antonio Sanso
I began reading this before going on holiday, but it didn't feel like holiday reading, so I put it down until I returned. Then I had covid, so this was very much a reading in two halves. But it also felt like a book of two halves, with some of the later chapters going a bit further off-topic than I would have liked. The book begins with a thorough run through several OAuth scenarios, showing how the different grant types work and explaining their pros and cons. It's a complicated subject and I'm not sure these are always clear. Several chapters are spent discussing potential implementation vulnerabilities and whilst there is good advice and it's clearly well-intentioned, it's alarming to learn the ways in which such a widely used standard can be abused. The discussions on JWT and OIDC are very useful to my work, but the later chapters on US health care standards seem irrelevant. On the whole I found this a decent reference for the technology, but there are quite a few chapters I doubt I'll dip into again.