Overview
Dive into a comprehensive 33-minute video lecture on OAuth and OpenID Connect (OIDC) protocols, presented by Aaron Parecki, author of OAuth 2.0 Simplified and co-editor of the OAuth 2.1 spec. Explore the fundamentals, use cases, and security best practices for implementing OAuth and OIDC in various applications, including mobile platforms. Gain insights into the upcoming OAuth 2.1 update, learn about JWT access tokens and their trade-offs, and discover how to design effective scopes for granular access control. Understand the architecture of microservices protected by OAuth at the gateway level, and stay up-to-date with the latest developments in OAuth security.
Syllabus
Intro
Why do we need OAuth
OAuth vs OIDC
Public vs Confidential Clients
OAuth Client Roles
What is the Front Channel
What is Pixi
Refresh Tokens
Where to Store Tokens
API Validation
Learn More
Taught by
Okta