Explore common patterns and challenges in implementing OpenID Connect and OAuth 2.0 for modern application architectures in this comprehensive conference talk. Gain insights into designing token-based systems, selecting appropriate protocol flows, and addressing key considerations such as resource and token design, client integration, session management, and revocation. Learn about identity tokens, access tokens, and the differences between self-contained and reference tokens. Discover practical tips for navigating authentication and authorization in microservices and cloud-native applications, and understand how to effectively implement these protocols to enable secure and scalable identity and access control solutions.
Implementing OpenID Connect and OAuth 2.0 – Tips from the Trenches
Overview
Syllabus
Introduction
Agenda
Common requirements
Architecture diagram
Application types
Questions to ask
What are clients
What are resources
First iteration
Identity
External Systems
Protocol Flows
Identity Token
Session Management
Resource Access
Keep it Simple
Access Tokens
Access Token Revocation
Selfcontained vs reference tokens
Summary
Taught by
NDC Conferences
Related Courses
-
Enterprise OAuth 2.0 and OpenID Connect
-
Securing ASP.NET Core 6 with OAuth2 and OpenID Connect
-
Secure .Net Microservices with IdentityServer4 OAuth2,OpenID
-
Common Mistakes and Misconceptions in Web App Security Using OAuth 2.0 and OpenID Connect
-
Implementing OpenID Connect and OAuth 2.0 – Tips from the Trenches
-
OpenID Connect & OAuth 2.0 - Security Best Practices
