Introduction to OpenID Connect and OAuth

Course Summary

OpenID Connect is the de-facto standard we should use for handling authentication and authorization in modern applications. However, it can still be very complex and confusing with all the various concepts, including scopes, claims, flows, resources, and tokens.

This course is for developers and architects who want to learn the fundamentals and how to protect applications using OAuth2 and OpenID Connect. This class focuses on the various standards and protocols, without relying on a specific implementation or programming language.

It would be best if you had a good understanding of the following:

  • The HTTP(s) protocol (including methods, headers, and cookies…)
  • How the web works in general
  • Some experience in developing backend web solutions

In this course, we will cover the following:

Introduction

  • Authentication vs. Authorization
  • Our challenges
  • OAuth versions
  • OAuth vs. OpenID Connect

Towards OpenID Connect

  • Reference tokens
  • Bearer tokens

Token Service

  • Authorization Server
  • Relying party
  • ID token
  • Access token
  • Authentication architecture
  • Token endpoints
  • Discovery document

Implicit flow

  • How does this flow work
  • Why it is no longer a recommended flow

JWT tokens

  • ID token
  • JSON Web Tokens
  • JWT access tokens

Claims and scopes

  • What are claims?
  • Claim types
  • Scopes
  • User consent

Securing the token

  • Unsecured tokens
  • Signed tokens
  • Signature algorithms
  • Private/public keys
  • Encrypted tokens

Authorization Code Flow

  • Public vs. private clients
  • Front vs. back-channel

Client Credentials flow

Refresh tokens

And much more…

After this course

After this course, we recommend you look at the following related courses:

 

Course Overview

10 950 kr

1 day

Can’t find a (suitable) date, but are interested in the course? Send in an expression of interest and we will do what we can to find a suitable opportunity.

Customized Courses

The course can be adapted from several perspectives:

  • Content and focus area
  • Extent and scope
  • Delivery approach

In interaction with the course leader, we ensure that the course meets your needs.

Send an expression of interest for the training