Web Security: OAuth and OpenID Connect

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 1h 44m | 220 MB

While many technical professionals claim to know and understand OAuth, reality often suggests otherwise. Implementing the right grant types and flows while keeping client secrets and tokens protected is challenging at best, and the consequences of getting it wrong can be catastrophic. Fundamentally, professionals struggle with OAuth because they misunderstand what it is, which use cases it fits well and which it does not, and how to integrate it smoothly and safely into their systems. In this course, Keith Casey reviews the basics of OAuth 2.0 and OpenID Connect and shows how to use them to authorize access to your applications' APIs and to authenticate users. He covers tokens and scopes; designing and building the key flows; common security considerations; and more.

Topics include:

  • What is OAuth 2.0?
  • Making OAuth 2.0 useful with extensions
  • Extending OAuth 2.0 with OpenID Connect
  • OAuth tokens and their usage
  • Common security considerations
  • Resource owner password flow
  • Client credential flow
  • Configuring an OAuth server in PHP and Node.js

Table of Contents

1 Using OAuth 2.0 and OpenID Connect
2 What you should know
3 What you will need
4 Describing OAuth 2.0
5 Making OAuth 2.0 useful with extensions
6 Extending OAuth 2.0 with OpenID Connect
7 OAuth 2.0 fundamentals
8 Touring the OAuth endpoints
9 Designing and using OAuth scopes
10 OAuth 2.0 tokens
11 Validating JWTs
12 Using access and refresh tokens
13 Parsing and using ID tokens
14 Handling tokens safely and securely
15 Overview: Authorization code flow
16 When should I use this?
17 PKCE overview
18 When should I use PKCE?
19 Build an example: Web app or Postman
20 Build an example: Native app or SPA
21 Security considerations
22 Overview: Implicit flow
23 When should I use this?
24 Build an example: SPA
25 Security considerations
26 Overview: Resource owner password flow
27 When should I use this?
28 Build an example: curl
29 Security considerations
30 Overview: Client credential flow
31 When should I use this?
32 Build an example: curl
33 Security considerations
34 Overview: Device flow
35 When should I use this?
36 Build an example: Kiosk
37 Security considerations
38 OAuth recommended practices
39 Configuring an OAuth server in PHP
40 Configuring an OAuth server in Node.js
41 OAuth 2.0 as a service using Okta
42 OAuth extensions
43 Industry specific OAuth extensions
44 Next steps