Learn how to work with OAuth and OpenID Connect to authenticate your applications.
Overview
Syllabus
Introduction
- Using OAuth 2.0 and OpenID Connect
- What you should know
- What you will need
- Describing OAuth 2.0
- Making OAuth 2.0 useful with extensions
- Extending OAuth 2.0 with OpenID Connect
- OAuth 2.0 fundamentals
- Touring the OAuth endpoints
- Designing and using OAuth scopes
- OAuth 2.0 tokens
- Validating JWTs
- Using access and refresh tokens
- Parsing and using ID tokens
- Handling tokens safely and securely
- Overview: Authorization code flow
- When should I use this?
- PKCE Overview
- When should I use PKCE?
- Build an example: Web app or Postman
- Build an example: Native app or SPA
- Security considerations
- Overview: Implicit flow
- When should I use this?
- Build an Example: SPA
- Security considerations
- Overview: Resource owner password flow
- When Should I use this?
- Build an example: curl
- Security considerations
- Overview: Client credential flow
- When should I use this?
- Build an example: curl
- Security considerations
- Overview: Device flow
- When should I use this?
- Build an example: Kiosk
- Security considerations
- OAuth recommended practices
- Configuring an OAuth server in PHP
- Configuring an OAuth server in Node.js
- OAuth 2.0 as a service using Okta
- OAuth extensions
- Industry specific OAuth extensions
- Next steps
Taught by
Keith Casey
