OAuth 2.0 is the go-to solution for API security, bringing authorization and delegation to modern HTTP APIs. In this course, you'll learn the fundamentals of OAuth, allowing you to architect and implement the right solution for your requirements.
OAuth 2.0 is the go-to solution for API security, bringing authorization and delegation to modern HTTP APIs. In this course, Getting Started with OAuth 2.0, you'll learn the fundamentals of OAuth and why it is preferred over past solutions. First, you'll explore each grant type and flow in detail, looking at their strengths and weaknesses, and when they should be used or not. Next, you'll take a close look at native applications such as mobile apps, and their unique security issues when using OAuth. Finally, you'll learn some common extensions to the OAuth protocols, such as OpenID Connect and the upcoming OAuth device flow. All of this will be covered without using any particular programming language or stack. When you're finished with this course, you will know how to integrate with any OAuth 2 authorization server and architect the right solution for you.
1 - Course_Overview
|
|
|||
|
01. Course_Overview
|
2 - API_Security_101
|
|
|
|
|
|
02. Introduction
|
03. A_Problem_of_API_Authorization
|
04. A_Solution_-_Credential_Sharing
|
05. A_Solution_-_Cookies
|
|
|
|
|
|
|
06. A_Solution_-_API_Keys
|
07. The_Solution_-_OAuth_2.0
|
08. Demo_-_A_Very_Typical_OAuth_Flow
|
09. OAuth_-_A_Misunderstood_Protocol
|
|
|
|||
|
10. Summary
|
3 - OAuth_in_Detail
|
|
|
|
|
|
11. Introduction
|
12. Protocol_Endpoints
|
13. What_Is_a_Scope
|
14. Authorization_Code_for_Web_Applications
|
|
|
|
|
|
|
15. Demo_-_Authorization_Code_for_Web_Applications
|
16. Implicit_Flow_for_Single_Page_Applications
|
17. Demo_-_Implicit_Flow_for_Single_Page_Applications
|
18. Client_Credentials_for_Machines
|
|
|
|
|
|
|
19. Demo_-_Client_Credentials_for_Machines
|
20. Resource_Owner_Password_Credentials_for_No_One
|
21. Demo_-_Resource_Owner_Password_Credentials_for_No_One
|
22. Long-lived_Access_with_Refresh_Tokens
|
|
|
|
|
|
|
23. Demo_-_Long-lived_Access_with_Refresh_Tokens
|
24. Choosing_the_Right_Response_Mode
|
25. When_Things_Go_Wrong
|
26. Summary
|
4 - Best_Practices_for_Native_Applications
|
|
|
|
|
|
27. Introduction
|
28. The_Unique_Issues_of_Native_Applications
|
29. Dealing_with_Stolen_Tokens_Using_PKCE
|
30. Choosing_the_Best_Redirect_URI
|
|
|
|
|
|
|
31. Not_All_Browsers_Are_Created_Equally
|
32. Demo_-_OAuth_for_Native_Applications_in_Action
|
33. Summary
|
5 - Extending_OAuth
|
|
|
|
|
|
34. Introduction
|
35. OAuth_+_Identity_with_OpenID_Connect
|
36. Demo_-_Identity_with_OpenID_Connect
|
37. Automatically_Configuring_Clients_with_OAuth_Metadata
|
|
|
|
|
|
|
38. Securely_Authorizing_the_IoT_with_the_OAuth_Device_Flow
|
39. Demo_-_Device_Flow_in_Action
|
40. Combining_SAML_and_OAuth_with_the_SAML_Assertion_Grant
|
41. Summary
|