Building Clients for OpenID Connect - OAuth 2-based Systems

NDC Conferences via YouTube

Overview

Explore the intricacies of building clients for OpenID Connect and OAuth 2-based systems in this comprehensive conference talk. Delve into best practices for implementing authentication and API access protocols, addressing challenges such as selecting appropriate protocol flows, secure token storage, and token lifetime management. Learn how to simplify front-end development by eliminating credential handling while navigating the complexities introduced by these protocols. Gain insights into solving common issues for native server applications, client-side applications, browser-based applications, and Single Page Applications (SPAs). Discover the nuances of various flows including Client Credentials, Authorization Code, Hybrid, and Resource Owner Password, as well as modern techniques like Proof-Key for Code Exchange (PKCE) and the "BFF" architecture. Understand the evolution of browser-based clients, the implications of SameSite cookies, and how to effectively use client libraries for seamless integration.

Syllabus

Intro
It's complicated!
Objectives
The Big Picture
Client Credentials Flow
Use Token
Challenges for Clients
User-Centric Clients
Front-Channel: Authorization Code Flow Request
Front-Channel: Authorization Code Flow Response
Back-Channel: Retrieving Tokens
Issues with Code Flow
Hybrid Flow Request
Hybrid Flow Response
Issues with Hybrid Flow
Public Clients
Native/Mobile Applications
Anti Pattern: Resource Owner Password Flow
Using a browser for driving the authentication workflow
Proof-Key for Code Exchange (PKCE)
Client Libraries
Browser-based Clients (aka SPAs)
History (1)
Problems with Implicit Flow
Token Management for JS Apps
JavaScript Client Library
The new kid on the block: SameSite Cookies
"BFF" Architecture

Taught by

NDC Conferences
