The path to "OAuth徹底入門"

The path so far (3 books)

1. 1 / 3Real World HTTP 第3版Intermediate

   Why read this first: Authentication, sessions, and cookies all sit on top of HTTP. Grasping HTTP's behavior from first principles first lets you understand structurally where in the protocol the vulnerabilities in Tokumaru's book actually arise.

   Sources

   • HTTP - MDN Web Docs
   • OWASP Top 10 - OWASP Foundation
2. 2 / 3体系的に学ぶ 安全なWebアプリケーションの作り方 第2版Intermediate

   Why read this first: After grasping the overall picture of vulnerability defense, descend to the cryptographic foundation that much of it relies on. Understanding the logic of hashing, signatures, and public-key crypto lets you treat TLS and token verification as principles rather than magic.

   Sources

   • A02:2021 Cryptographic Failures - OWASP Top 10
3. 3 / 3暗号技術入門 第3版Beginner

   Why read this first: Only with a foundation in signatures and public-key cryptography can you correctly understand token-based authorization. OAuth 2.0 is the de facto standard for delegating privileges; learn its grant types and flows from first principles.

   Sources

   • RFC 6749: The OAuth 2.0 Authorization Framework - IETF