In Episode 376 of “Software Engineering Radio,” Justin Richer, lead author of OAuth2 in Action and editor of OAuth extensions RFC 7591, 7592, and 7662, discusses the key technical features of the OAuth 2.0 protocol for authorization. Gavin Henry spoke with Richer about browser-based OAuth2, types of tokens, OpenID Connect, PKCE, JavaScript Object Notation Web Token pros and cons, where to store them, client secrets, single-page apps, mobile apps, current best practices, OAuth.XYZ, HEART, MITREid, token validation, dynamic client registration, the decision factors of the various types of authorization grants to use, and what is next for OAuth. To hear the full interview, visit http://www.se-radio.net or access our archives via RSS at http:// feeds.feedburner.com/se-radio.

中文翻译：

---

贾斯汀·里奇 (Justin Richer) 谈 OAuth

在“软件工程无线电”的第 376 集中，OAuth2 in Action 的主要作者兼 OAuth 扩展 RFC 7591、7592 和 7662 的编辑 Justin Richer 讨论了用于授权的 OAuth 2.0 协议的关键技术特性。Gavin Henry 与 Richer 讨论了基于浏览器的 OAuth2、令牌类型、OpenID Connect、PKCE、JavaScript Object Notation Web 令牌的优缺点、存储位置、客户端机密、单页应用程序、移动应用程序、当前最佳实践、OAuth .XYZ、HEART、MITREid、令牌验证、动态客户端注册、要使用的各种授权类型的决定因素，以及 OAuth 的下一步。要收听完整的采访，请访问 http://www.se-radio.net 或通过 RSS 访问我们的档案：http://feeds.feedburner.com/se-radio。