Web Security: OAuth and OpenID Connect
Posted by Superadmin on January 06 2019 11:02:05

Many technical professionals claim to know and understand OAuth, but reality often suggests otherwise. Choosing the proper grant types, implementing the required flows, and protecting client secrets along the way is challenging at best and catastrophic when it goes wrong. Fundamentally, professionals struggle with OAuth because they misunderstand what it is, which use cases it suits well and which it does not, and how to integrate it smoothly and safely into their systems. This course reviews the basics of OAuth 2.0 and OpenID Connect and shows how to use OAuth 2.0 to authorize access to your APIs and OpenID Connect to authenticate users. Learn about tokens, scopes, and claims; the OAuth flows; common security considerations; and more.

Topics include:

1 - Introduction

01. Welcome
02. What you should know before watching this course
03. Exercise files



2 - 1. What Is OAuth

04. What is OAuth 2.0, and why does it matter
05. How does OAuth 2.0 work, and what problems does it solve
06. How does it compare and contrast with other technologies
07. What is OpenID Connect, and how is it different from OAuth



3 - 2. Core Terminology

08. Understanding the OAuth endpoints
09. OAuth tokens and their usage - Access, ID, and refresh
10. JWT token management - Security, validation, and revocation
11. The purpose of scopes and claims
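As an added example (not code from the course or its exercise files), here is the validation that item 10 above covers, written by hand in Python so the order of operations is visible: pin the algorithm, verify the signature in constant time, and only then read iss, aud, exp and nbf. The shared secret, issuer URL and audience identifier are assumptions for the example; with RS256 or ES256 the verifier would hold the authorization server's public key from its JWKS endpoint instead, and the claim checks would be the same. The forge_alg_none helper builds the classic unsigned token an attacker would try.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values (assumptions, not values from the course).
DEMO_KEY = b"demo-shared-secret-do-not-use"
EXPECTED_ISSUER = "https://issuer.example"
EXPECTED_AUDIENCE = "api://orders"
NOW = 1_700_000_000  # fixed clock so the example is deterministic
GOOD_CLAIMS = {
    "iss": EXPECTED_ISSUER,
    "aud": EXPECTED_AUDIENCE,
    "sub": "user-42",
    "scope": "orders:read",
    "iat": NOW - 60,
    "exp": NOW + 3600,
}


class TokenInvalid(Exception):
    """Raised for any reason a token must not be accepted."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT. Only here so the example can build its own tokens offline."""
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(claims)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def forge_alg_none(claims: dict) -> str:
    """Attacker-style token: header says alg 'none' and the signature segment is empty."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


def validate_hs256(token: str, key: bytes, issuer: str, audience: str,
                   now: Optional[float] = None) -> dict:
    """Return the claims only if signature, issuer, audience and time window all check out."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenInvalid("a JWS compact token has exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # 1. Pin the algorithm. The header's 'alg' must never select the verifier: 'none' and
    #    RS256-to-HS256 key confusion both rely on the server honouring whatever it says.
    if header.get("alg") != "HS256":
        raise TokenInvalid(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    # 2. Constant-time signature comparison before a single claim is looked at.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenInvalid("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    # 3. Claims are trustworthy only now. Issuer and audience stop a token minted by
    #    another server, or for another API, from being replayed against this one.
    if claims.get("iss") != issuer:
        raise TokenInvalid("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenInvalid("token was not issued for this audience")
    if "exp" not in claims or now >= claims["exp"]:
        raise TokenInvalid("token expired or carries no exp")
    if now < claims.get("nbf", 0):
        raise TokenInvalid("token not yet valid")
    return claims


def is_rejected(token: str) -> bool:
    """True if the verifier refuses the token (used to show the failure cases)."""
    try:
        validate_hs256(token, DEMO_KEY, EXPECTED_ISSUER, EXPECTED_AUDIENCE, now=NOW)
    except TokenInvalid:
        return True
    return False


def demo() -> dict:
    """Accept a well-formed token and return its claims."""
    return validate_hs256(sign_hs256(GOOD_CLAIMS, DEMO_KEY), DEMO_KEY,
                          EXPECTED_ISSUER, EXPECTED_AUDIENCE, now=NOW)


if __name__ == "__main__":
    print(demo()["sub"], is_rejected(forge_alg_none(GOOD_CLAIMS)))
```

On revocation, which the same course item names: a signed JWT is valid until exp no matter what the issuer does afterwards, so a resource server that needs to honour revocation has to keep access tokens short-lived and rely on refresh tokens, or ask the authorization server via token introspection, or keep a denylist keyed on the token's identifier. Signature validation alone cannot tell you a token was revoked.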



4 - 3. Client Credentials - Authorization for Microservices

12. Authorization in microservices
13. Lab - Build an example with the command line and Postman
14. Common security considerations



5 - 4. Implicit or Hybrid - Authorization for Mobile Devices

15. Authorization for mobile apps and SPA
16. Lab - Build an example with JavaScript
17. Common security considerations



6 - 5. Grant Type - Authorization Code

18. Authorization code for web applications
19. Lab - Build an example with Postman
20. Common Security Considerations
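Added example for sections 4 and 5 above, not code from the course: the authorization code flow with PKCE (RFC 7636), with both the client and the authorization server side simulated in one Python file. It is placed here rather than under the mobile section because current guidance (RFC 8252 for native apps and the OAuth 2.0 Security Best Current Practice) steers mobile apps and SPAs away from the implicit grant and toward exactly this flow: no access token ever appears in the front channel, a code intercepted from the redirect is useless without the verifier, and the server refuses to exchange a code twice. The endpoint, client_id and redirect URI are assumed values; the in-memory AuthorizationServer stands in for a real one.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed identifiers for the example; none of them come from the course.
AUTHZ_ENDPOINT = "https://issuer.example/authorize"
CLIENT_ID = "mobile-app"
REDIRECT_URI = "https://app.example/callback"


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), per RFC 7636."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


# ---------- client side (native app, SPA or web app) ----------
def new_pkce_pair() -> tuple:
    verifier = b64url(secrets.token_bytes(32))  # 43 chars; RFC 7636 allows 43..128
    return verifier, s256(verifier)


def build_authorize_url(state: str, challenge: str) -> str:
    params = {
        "response_type": "code",        # not 'token': nothing bearer-like in the front channel
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,                 # ties the callback to this client session
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def _query(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


# ---------- authorization server side (in-memory stand-in) ----------
class AuthorizationServer:
    def __init__(self):
        self._codes = {}  # code -> what it was bound to at issuance

    def authorize(self, url: str, subject: str) -> str:
        """User has authenticated and consented; return the redirect carrying a one-time code."""
        q = _query(url)
        if q.get("response_type") != "code" or q.get("code_challenge_method") != "S256":
            raise ValueError("unsupported_response_type")
        if q.get("redirect_uri") != REDIRECT_URI:  # exact match against the registered URI
            raise ValueError("invalid_request")
        code = b64url(secrets.token_bytes(24))
        self._codes[code] = {"client_id": q["client_id"], "redirect_uri": q["redirect_uri"],
                             "challenge": q["code_challenge"], "scope": q.get("scope", ""),
                             "sub": subject}
        return f"{REDIRECT_URI}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, code: str, client_id: str, redirect_uri: str, code_verifier: str) -> dict:
        """Back-channel exchange: the code is single-use and bound to the original challenge."""
        record = self._codes.pop(code, None)
        if record is None or record["client_id"] != client_id or record["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_grant")
        if not secrets.compare_digest(s256(code_verifier), record["challenge"]):
            raise PermissionError("invalid_grant")
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer",
                "expires_in": 3600, "scope": record["scope"], "sub": record["sub"]}


def run_flow(server: AuthorizationServer) -> dict:
    """Happy path driven by the client; returns the tokens plus the code and verifier used."""
    verifier, challenge = new_pkce_pair()
    state = b64url(secrets.token_bytes(16))
    callback = server.authorize(build_authorize_url(state, challenge), subject="user-42")
    cb = _query(callback)
    if not secrets.compare_digest(cb.get("state", ""), state):
        raise RuntimeError("state mismatch: callback was not started by this client")
    tokens = server.token(cb["code"], CLIENT_ID, REDIRECT_URI, verifier)
    return {"tokens": tokens, "code": cb["code"], "verifier": verifier}


def stolen_code_is_useless(server: AuthorizationServer) -> bool:
    """Attacker observes the redirect (and so the code) but never saw the verifier."""
    _, challenge = new_pkce_pair()
    callback = server.authorize(build_authorize_url("s", challenge), subject="victim")
    attacker_verifier, _ = new_pkce_pair()
    try:
        server.token(_query(callback)["code"], CLIENT_ID, REDIRECT_URI, attacker_verifier)
    except PermissionError:
        return True
    return False


def replay_is_rejected(server: AuthorizationServer) -> bool:
    """A code that has already been exchanged must not be exchangeable again."""
    done = run_flow(server)
    try:
        server.token(done["code"], CLIENT_ID, REDIRECT_URI, done["verifier"])
    except PermissionError:
        return True
    return False
```

Two of the checks in the server are the ones most often missing in home-grown implementations: the exact-match comparison of redirect_uri against the registered value (prefix or wildcard matching lets an attacker redirect the code to a host they control), and the pop() that makes the code single-use. On the client side the state check is what stops a login-CSRF callback from being accepted, and it has to happen before the code is sent to the token endpoint.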



7 - 6. Grant Type - Resource Owner Password Flow

21. Authorization in legacy applications
22. Lab - Build an example in curl
23. Common security considerations



8 - 7. Server-Side Implementations

24. Lab - Configuring an OAuth server in PHP
25. Lab - Configuring an OAuth server in Node
26. OAuth 2.0 as a service using Okta



9 - Conclusion

27. Next steps