Dive into the world of OAuth and OpenID Connect (OIDC) in this comprehensive 50-minute conference talk from Colorado CSA 2018. Explore the fundamentals of OAuth as an open standard for authorization, learning how it provides secure delegated access over HTTPS using access tokens. Understand the relationship between OIDC and OAuth 2.0, and discover how OIDC enables user identity verification and profile information retrieval. Gain insights into OAuth 2.0 and OIDC implementation, use cases, and helpful frameworks and services. Cover topics including OAuth history, scopes, flows, security issues, and practical applications with major providers like Google and Facebook. Benefit from demonstrations, additional resources, and online tools for OAuth and OIDC debugging. Leave equipped with the knowledge to implement secure authorization and authentication in your applications.
Overview
Syllabus
Intro
History
Scopes
Flows
Front Channel Flow
Implicit Flow
OAuth Bashes
OAuth Assertion
Device Flow
Nate Barba
Aaron Preki
Security Issues
Google and Facebook OAuth
OAuth scopes
OAuth authorization request
OAuth configuration URL
OAuth header
JSON
Grant Types
Native Apps
App SDK
Demos
Additional Resources
Dotnet
Developer Dr Calm
Taught by
Okta
Related Courses
-
Enterprise OAuth 2.0 and OpenID Connect
-
Common Mistakes and Misconceptions in Web App Security Using OAuth 2.0 and OpenID Connect
-
OAuth and OpenID Connect in Plain English
-
Everything You Ever Wanted to Know About OAuth and OIDC
-
OpenID Connect & OAuth 2.0 - Security Best Practices
-
OAuth vs. SAML vs. OpenID Connect
