Learn OAuth 2.0 and OpenID Connect for mobile apps and web apps, and understand the security risks associated with each grant type
☑ You will learn OAuth 2.0
☑ You will learn OpenID Connect
☑ You will learn implicit flow
☑ You will learn authentication code
☑ You will learn authorization code
☑ and much more
Welcome. My name is Anwer Khan and I will be your instructor throughout this course. I talk straight to the point, so we will cover more in less time. In this course we will look at the most common and useful approach to securing access to our APIs, and that is OAuth 2.0.
At first glance OAuth seems hard, and it is, but we will break it down into its core concepts and into how and where to apply it. Of course, there is no one-size-fits-all solution, so we will also cover the different flavours of and extensions to OAuth that help it address problems you probably have not even considered yet.
OAuth, short for "Open Authorization", lets a third-party application act on your data held by another service without you ever handing that application your password.
OAuth is an open standard for access delegation. It is commonly used as a way for Internet users to grant websites or applications access to their information on other sites without giving them their passwords. The user authorizes a specific, limited set of actions (the scopes), and that grant can be revoked later without changing the password.
In general terms, OAuth gives clients "secure delegated access" to server resources on behalf of a resource owner: it specifies a process by which resource owners authorize third-party access to their server resources without sharing their credentials with the third party.
More and more, APIs are the foundation of our experience. Whether we are building customer-facing mobile apps, updating existing web apps, integrating with that cool new device, or thinking about microservices, we cannot do it without APIs. Unfortunately, we rarely think about security, or about how we grant and revoke access. The consequences have already cost airlines, dating websites and even governments hundreds of millions of dollars. You do not want to be next.
Designed specifically to work with the Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then presents the access token to the resource server to reach the protected resources it hosts. In most deployments these are bearer tokens (RFC 6750): whoever holds the token can use it, which is why how tokens are issued, stored and revoked matters as much as the grant type that produced them.
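The exchange described above, worked through as the authorization code flow with PKCE, is shown below as an added example; it is not code from this course. Both sides (a toy in-memory authorization server, a resource server and the client logic) run in one process so it works offline. The client id "photo-app", the redirect URI https://photo.example/cb, the scope "photos:read" and the user "alice" are constructed for illustration. The example also exercises three failure modes a practitioner cares about: the user declining consent, a token request with the wrong PKCE verifier (a stolen code), and a replayed authorization code.

```python
# Added example, not the course's own code. Authorization code flow with PKCE,
# simulated end to end in one process. Client id, redirect URI, scope and user
# name are constructed for illustration.
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE and most token formats use."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_pair():
    """RFC 7636: a random code_verifier (43-128 chars) and its S256 code_challenge."""
    verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


class AuthorizationServer:
    """Toy in-memory authorization server: issues codes and bearer access tokens."""

    def __init__(self):
        self.clients = {"photo-app": "https://photo.example/cb"}  # client_id -> registered redirect_uri
        self.codes = {}   # authorization code -> record
        self.tokens = {}  # access token -> record

    def authorize(self, params, user, approved):
        """Authorization endpoint: returns the URL the resource owner's browser is redirected to."""
        redirect_uri = self.clients.get(params["client_id"])
        if redirect_uri is None or redirect_uri != params["redirect_uri"]:
            raise ValueError("unknown client or redirect_uri mismatch")  # never redirect in this case
        if not approved:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": params["state"]})
        code = b64url(secrets.token_bytes(24))
        self.codes[code] = {"client_id": params["client_id"], "redirect_uri": redirect_uri,
                            "scope": params["scope"], "challenge": params["code_challenge"],
                            "sub": user, "expires": time.time() + 60, "used": False}
        return redirect_uri + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, form):
        """Token endpoint: exchange a single-use code plus PKCE verifier for a bearer token."""
        rec = self.codes.get(form.get("code"))
        if rec is None or rec["used"] or rec["expires"] < time.time():
            return {"error": "invalid_grant"}
        rec["used"] = True  # codes are one-shot; a replayed code must fail
        if rec["client_id"] != form.get("client_id") or rec["redirect_uri"] != form.get("redirect_uri"):
            return {"error": "invalid_grant"}
        expected = b64url(hashlib.sha256(form.get("code_verifier", "").encode("ascii")).digest())
        if not secrets.compare_digest(expected, rec["challenge"]):
            return {"error": "invalid_grant"}  # intercepted code without the verifier is useless
        token = b64url(secrets.token_bytes(32))
        self.tokens[token] = {"sub": rec["sub"], "scope": rec["scope"], "expires": time.time() + 3600}
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600, "scope": rec["scope"]}


class ResourceServer:
    """Protected API: accepts a bearer token, checks expiry and enforces scope."""

    def __init__(self, auth_server):
        self.auth_server = auth_server  # stands in for token introspection

    def get_photos(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        rec = self.auth_server.tokens.get(token)
        if scheme != "Bearer" or rec is None or rec["expires"] < time.time():
            return 401, {"error": "invalid_token"}
        if "photos:read" not in rec["scope"].split():
            return 403, {"error": "insufficient_scope"}
        return 200, {"owner": rec["sub"], "photos": ["beach.jpg", "cat.jpg"]}


def run_flow(approved=True, wrong_verifier=False, replay_code=False):
    """Drive the client side end to end; returns (status, body) from the resource server."""
    az = AuthorizationServer()
    rs = ResourceServer(az)
    verifier, challenge = pkce_pair()
    state = b64url(secrets.token_bytes(16))  # binds the callback to this client session (CSRF defence)
    request = {"response_type": "code", "client_id": "photo-app",
               "redirect_uri": "https://photo.example/cb", "scope": "photos:read",
               "state": state, "code_challenge": challenge, "code_challenge_method": "S256"}
    callback = parse_qs(urlparse(az.authorize(request, "alice", approved)).query)
    if callback.get("state", [None])[0] != state:
        raise ValueError("state mismatch: possible CSRF, abort")
    if "error" in callback:
        return 401, {"error": callback["error"][0]}
    form = {"grant_type": "authorization_code", "code": callback["code"][0],
            "redirect_uri": "https://photo.example/cb", "client_id": "photo-app",
            "code_verifier": "attacker-guess" if wrong_verifier else verifier}
    resp = az.token(form)
    if replay_code and "access_token" in resp:
        resp = az.token(form)  # second redemption of the same code
    if "access_token" not in resp:
        return 401, resp
    return rs.get_photos(f"{resp['token_type']} {resp['access_token']}")


if __name__ == "__main__":
    print(run_flow())
    print(run_flow(wrong_verifier=True))
    print(run_flow(replay_code=True))
```

The point to notice is where each check lives: the authorization server validates the redirect URI before it ever redirects, the token endpoint ties the code to the client, the redirect URI and the PKCE verifier and burns it on first use, and the resource server only ever sees an opaque bearer token whose scope it enforces. The client's only defences are the state parameter and keeping the verifier and the issued token out of reach of other code.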
This is the best course available on Udemy for OAuth 2.0, and you will learn a lot of new material that you have not considered before.
I hope to see you in the course.
Thank you.
Language: English
Introduction
  What you need to know
  Prerequisites
OAuth 2.0
  OAuth 2.0
  OAuth 2.0 extensions
  OAuth 2.0 with OpenID Connect
Starting Concepts
  OAuth fundamentals
  OAuth endpoints
  Designing and using OAuth scopes
Tokens
  OAuth 2.0 tokens
  Validating JWTs
  Access and refresh tokens
  Parsing and using ID tokens
  Handling tokens safely and securely
Authorization Code
  Authorization code flow
  When should I use the authorization code flow?
  PKCE
  When should I use PKCE?
  Authorization code flow example
  Native app or SPA example
  Security considerations
Implicit Flow
  Implicit flow
  When should I use the implicit flow?
  Great example app
  Security considerations
Resource Owner Password Grant Type
  Resource owner password
  When should we use it?
Client Credentials Flow
  Client credentials flow
  When should I use this?
Device Grant Type Flow
  Device flow overview
  When should you use this?
  Build an example kiosk
  Security considerations
Using OAuth
  OAuth recommendations