Learn OAuth2 and OpenID for mobile apps and web apps, and also learn about the security risks associated with each grant type

What you will learn

You will learn OAuth 2.0

You will learn OpenID Connect

You will learn implicit flow

You will learn authentication code

You will learn authorization code

and much more


Welcome, my name is Anwer Khan and I will be your instructor throughout this course. I will talk straight to the point, so we will cover more in less time. In this course, we'll talk about the most common and useful approach to securing access to our APIs, and that's OAuth 2.0.

At first glance, OAuth seems hard, and it is, but we'll break it down into its core concepts and show how and where to apply it. Of course, there's no one-size-fits-all solution, so we'll cover the different flavours and extensions of OAuth that help it address things you probably haven't even considered.

OAuth, which stands for “Open Authorization,” allows third-party services to exchange your information without you having to give away your password.

OAuth (Open Authorization) is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

Generally, OAuth provides clients a “secure delegated access” to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without providing credentials.

More and more, APIs are the foundation of our experience. Whether we're building customer-facing mobile apps, updating existing web apps, integrating with that cool new device, or thinking about microservices, we can't do that without APIs. Unfortunately, we rarely think about security and how we grant and revoke access. The consequences have already cost airlines, dating websites, and even governments hundreds of millions of dollars. You don't want to be next.

Designed specifically to work with the Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.

So, this is the best course available on Udemy for OAuth 2.0. You will learn lots of new things that you have not considered.

So, I hope to see you in this course.

Thank You.

What you need to know

OAuth 2.0

OAuth 2.0

OAuth 2.0 extensions

OAuth 2.0 with OpenID Connect

Starting Concepts

OAuth Fundamentals

OAuth Endpoint

Designing and using OAuth Scopes


OAuth 2.0 Tokens

Validating JWTs

Access and Refresh Token

Parsing and using ID Tokens

Handling Tokens Safely and Securely

Authorization Code

Authorization Code flow

When should I use Authorization code flow


When should I use PKCE

Authorization code flow example

Native App or SPA example

Security Considerations

Implicit Flow

Implicit flow

When should I use implicit flow

Great example app

Security Considerations

Grant Type Resource Owner Password

Resource owner password

When should we use it

Client Credentials Flow

Client credentials flow

When should I use this

Device Grant Type Flow

Device flow overview

When should you use this

Build an example Kiosk

Security Considerations

Using an OAuth

OAuth Recommendations