Getting familiar with IBM MobileFirst Platform Foundation OAuth Security

In recent years OAuth has become a de facto industry standard for authorization. It allows client applications to securely access protected resources on behalf of the data owner without compromising the data owner's credentials.

The new OAuth-based security model introduced in IBM MobileFirst Platform Foundation v7.0 makes it easy to solve many scenarios that were previously considered complex. Combining Authentication Gateways with IBM MobileFirst Platform makes it possible to ensure not only the user's identity, but also the device and application identities. The power of OAuth, combined with the flexibility of the IBM MobileFirst Platform authentication framework, allows you to implement complex custom security integration scenarios that protect both MobileFirst internal and 3rd party web services.

In this video blog I'm covering the following topics:

  • How things worked prior to MobileFirst 7.0 - questions that required manual and sometimes complex solutions
  • OAuth in a nutshell
  • Understanding the OAuth flow
  • OAuth in IBM MobileFirst Platform
  • Leveraging IBM MobileFirst Platform OAuth in real scenarios
  • Demo - protecting Java adapters, Liberty server, NodeJS server

As always - watch in HD for best quality

Part 1 - Theoretical

Part 2 - Demo time

Download the sample project and external server files from here

Last modified on May 01, 2016