OAuth has become a central security component of modern REST-based architectures, and several extensions, like JWT, OpenID Connect and UMA, have since been developed to provide broader coverage. Both server and client development require a good understanding of these concepts to guarantee end-to-end security. In this talk Chris will guide us through the current landscape of OAuth and zoom in on mature extensions (like JWT and OpenID Connect) and emerging ones (like UMA and Proof of Possession), and will also cover how to interface with a SOAP-based architecture (like SAML). Don’t forget to bring a towel - but what about silver shoes?