Overview
Explore common mistakes and misconceptions in web application security using OAuth 2.0 and OpenID Connect in this comprehensive conference talk. Delve into the intricacies of authorization and authentication, examining how OAuth 2.0 and OpenID Connect (OIDC) address these challenges. Gain insights into potential pitfalls and misconceptions that developers may encounter when implementing these standards. Learn about client types, scopes, access tokens, JSON Web Tokens, OAuth endpoints, and grant types. Discover best practices for OAuth grants and understand concepts such as authorization code injection, Pixi, URI, HTTP headers, reference tokens, and refresh tokens. Explore OpenID Connect scopes, endpoints, and the hybrid flow. Benefit from practical demonstrations using IdentityServer4, a popular open-source framework for OpenID Connect and OAuth 2.0 on ASP.NET Core.
Syllabus
Intro
Authentication and Authorization
OAuth and OpenID Connect
Terminology
Client Type
Public Client
Scopes
Access Tokens
JSON Web Token
OAuth endpoints
OAuth grant types
OAuth grant best practices
Authorization code injection
Pixi
URI
HTTP Header
Reference Token
Refresh Token
OpenID Connect
OAuth Scopes
OpenID Connect Endpoints
OpenID Connect Hybrid Flow
Use Cases
Taught by
NDC Conferences