Overview
Explore three profiles of OAuth2 for Identity and Access Management in this 45-minute LASCON conference talk. Delve into the complexities of OAuth2, its evolution, and emerging profiles that address real-world problems. Learn about OpenID Connect for personal information release, User Managed Access Protocol for centralized API management, and Google's approach to high-performance API access management. Discover free open source software implementations enabling quick deployment of OAuth2 for two-factor authentication, web and mobile single sign-on, stateless API access management, and IoT security. Gain insights into best practices and standards developed through years of practical experience, avoiding common pitfalls in OAuth2-based security infrastructure deployment. Cover topics including OAuth2 for enterprise, roles, scopes, tokens, various OAuth flows, OpenID Connect, JSON Web Tokens, dynamic client registrations, and more.
Syllabus
Intro
Identity and Access Management
OAuth2 for Enterprise
OAuth2 is not an authentication protocol
LDAP is not one standard
OAuth2 standards
Roles
Scopes
Tokens
OAuth2 AB
OAuth2 JWT
Token Binding
Client Credentials
OAuth Grants
OAuth SignIn Flow
OAuth Implicit Flow
OAuth Password Credential Flow
Token Inversion API
OpenID Connect
JSON Web Tokens
Hybrid Flow
Response Type
Dynamic client registrations
OAuth2 logout
OAuth2 Profile 3
Taught by
LASCON