Getting Started with OAuth 2.0
OAuth 2.0 is the go-to solution for API security, bringing authorization and delegation to modern HTTP APIs. In this course, you'll learn the fundamentals of OAuth, allowing you to architect and implement the right solution for your requirements.
What you'll learn
In this course, Getting Started with OAuth 2.0, you'll learn the fundamentals of OAuth and why it is preferred over past solutions. First, you'll explore each grant type and flow in detail, looking at their strengths and weaknesses and at when they should and should not be used. Next, you'll take a close look at native applications such as mobile apps, and their unique security issues when using OAuth. Finally, you'll learn some common extensions to the OAuth protocols, such as OpenID Connect and the upcoming OAuth device flow. All of this will be covered without using any particular programming language or stack. When you're finished with this course, you will know how to integrate with any OAuth 2 authorization server and architect the right solution for you.
Table of contents
- Introduction 1m
- Protocol Endpoints 1m
- What Is a Scope? 1m
- Authorization Code for Web Applications 8m
- Demo: Authorization Code for Web Applications 2m
- Implicit Flow for Single Page Applications 6m
- Demo: Implicit Flow for Single Page Applications 1m
- Client Credentials for Machines 2m
- Demo: Client Credentials for Machines 1m
- Resource Owner Password Credentials for No One 3m
- Demo: Resource Owner Password Credentials for No One 1m
- Long-lived Access with Refresh Tokens 5m
- Demo: Long-lived Access with Refresh Tokens 1m
- Choosing the Right Response Mode 2m
- When Things Go Wrong 1m
- Simplifying OAuth with OAuth 2.1 2m
- Summary 1m
- Introduction 1m
- OAuth + Identity with OpenID Connect 8m
- Demo: Identity with OpenID Connect 1m
- Automatically Configuring Clients with OAuth Metadata 2m
- Securely Authorizing the IoT with the OAuth Device Flow 6m
- Demo: Device Flow in Action 2m
- Combining SAML and OAuth with the SAML Assertion Grant 3m
- Securing Microservices with Token Exchange 4m
- Summary 2m