Special offers now — see discounted courses.
day
:
hour
:
min
:
sec
See special offers
Web Security: OAuth and OpenID Connect (2019)

Web Security: OAuth and OpenID Connect (2019)

1h 45mAdvanced2019-10-17

Authors

Keith Casey

Keith Casey

Software development and project management

Course details

While many technical professionals claim to know and understand OAuth, reality often suggests otherwise. Implementing the proper grant types and the required flows while securely protecting your secrets is challenging at best and catastrophic at worst. Fundamentally, professionals often struggle with OAuth because they misunderstand what it is, what use cases it is particularly good and bad at, and how to integrate it smoothly and safely into their systems. In this course, Keith Casey reviews the basics of OAuth 2.0 and OpenID Connect and shows how to use them to authenticate your applications. He covers tokens and scopes; designing and building the key flows; common security considerations; and more.

Learning objectives
What is OAuth 2.0?
Making OAuth 2.0 useful with extensions
Extending OAuth 2.0 with OpenID Connect
OAuth tokens and their usage
Common security considerations
Resource owner password flow
Client credential flow
Configuring an OAuth server in PHP and Node.js

Skills covered

OpenIDOAuthIdentity and Access ManagementCybersecurityDeep Dive (X:Y)

Concepts

0. Introduction

  • 01 - Using OAuth 2.0 and OpenID Connect
  • 02 - What you should know
  • 03 - What you will need

1. What Is OAuth

  • 04 - Describing OAuth 2.0
  • 05 - Making OAuth 2.0 useful with extensions
  • 06 - Extending OAuth 2.0 with OpenID Connect

2. Foundational Concepts

  • 07 - OAuth 2.0 fundamentals
  • 08 - Touring the OAuth endpoints
  • 09 - Designing and using OAuth scopes

3. OAuth Tokens

  • 10 - OAuth 2.0 tokens
  • 11 - Validating JWTs
  • 12 - Using access and refresh tokens
  • 13 - Parsing and using ID tokens
  • 14 - Handling tokens safely and securely

4. Grant Type - Authorization Code

  • 15 - Overview - Authorization code flow
  • 16 - When should I use this
  • 17 - PKCE Overview
  • 18 - When should I use PKCE
  • 19 - Build an example - Web app or Postman
  • 20 - Build an example - Native app or SPA
  • 21 - Security considerations

5. Grant Type - Implicit Hybrid

  • 22 - Overview - Implicit flow
  • 23 - When should I use this
  • 24 - Build an Example - SPA
  • 25 - Security considerations

6. Grant Type - Resource Owner Password

  • 26 - Overview - Resource owner password flow
  • 27 - When Should I use this
  • 28 - Build an example - curl
  • 29 - Security considerations

7. Grant Type - Client Credential

  • 30 - Overview - Client credential flow
  • 31 - When should I use this
  • 32 - Build an example - curl
  • 33 - Security considerations

8. Grant Type - Device Grant Type

  • 34 - Overview - Device flow
  • 35 - When should I use this
  • 36 - Build an example - Kiosk
  • 37 - Security considerations

9. Using an OAuth Architecture

  • 38 - OAuth recommended practices
  • 39 - Configuring an OAuth server in PHP
  • 40 - Configuring an OAuth server in Node.js
  • 41 - OAuth 2.0 as a service using Okta

10. State of the Industry

  • 42 - OAuth extensions
  • 43 - Industry specific OAuth extensions

Conclusion

  • 44 - Next steps

Related courses

Related learn paths

About us

LyndaKade is a leading learning platform that helps people learn business, software, technology, and creative skills to achieve personal and professional goals.

Phone numberAparat ChannelTelegram SupportTelegram ChannelInstagram Page

All rights to this site belong to LyndaKade.

Terms of Service|Privacy Policy

نماد الکترونیک enamad در صورت اتصال با آی‌پی داخل کشور، نمایش داده خواهد شد.
logo-samandehi - لوگو ساماندهی
zarinpal
zibal