Overview
Dive into a comprehensive lab session on configuring OAuth servers to protect APIs using access tokens. Learn to adjust token lifetimes, create custom scopes, add custom claims to JWT access tokens, and understand the implications of token validation decisions. Follow along with instructor Aaron Parecki as he guides you through practical exercises, including registering confidential clients, configuring token lifetimes, creating rules and policies, managing group claims, and adding custom claims. Gain hands-on experience with Okta's developer API service and explore best practices for securing your applications and APIs using OAuth.
Syllabus
Intro
OAuth Concepts
Access Tokens
Reference Tokens
Okta's Access Tokens
Session Overview
Register a Confidential Client
Configure the Token Lifetime
Changing the Token Lifetime by Default
Token Lifetime Limits
Token Validation
Token Lifetime
Risk Assessment
Create a Rule
Create a New Scope
Add the Scope to the Request
Make a Policy
Run in Order
Require Consent
Custom Claims
Group Claims
Verifying Group Claims
Managing Group Claims
Adding Custom Claims
Taught by
Okta