Overview
Learn how to secure APIs using OAuth 2.0 in this 32-minute conference talk. Explore the OAuth authorization protocol, which lets applications access user data without ever handling the user's credentials. Discover the use of JWT access tokens, their tradeoffs, and how to design granular scopes for backend services. Gain insights into building a microservices architecture protected by OAuth at the gateway level. Access additional resources, including the speaker's book "OAuth 2.0 Simplified" and Okta's developer services for user account management in web and mobile applications.
Syllabus
Intro
OAuth vs OAuth Exchange
OAuth for First Party Apps
How OAuth Works
Authorization Code Flow
Example
Auth Flow
PKCE
OAuth Worm
Access Tokens
Drawbacks of Access Tokens
Self-Encoded Tokens
JSON Web Token
Is that enough?
Token Validation Example
Token Validation Flexibility
Taught by
Okta