Hem Sök efter kurserIntroduction to OpenID Connect and OAuth

Introduction to OpenID Connect and OAuth

OpenID Connect is the de-facto standard we should use for handling authentication and authorization in modern applications. However, it can still be very complex and confusing with all the various concepts, including scopes, claims, flows, resources, and tokens.

In this course, you will learn the following:

Authentication vs. authorization
How OAuth 2.x and OpenID Connect work
Fundamental concepts
How a client authenticates against an authorization server
How to retrieve and consume JWT tokens
How OpenID Connect fits into your architecture
How the tokens are secured and managed

This course includes many hands-on exercises that will help you understand how the protocol works under the hood, so you can get the best from it.

Utbildningsformer
Remote

Längd
1 dag

Pris
10950 kr

Target audience

Developers and architects who want to learn the fundamentals and how to protect applications using OAuth2 and OpenID Connect. This class focuses on the various standards and protocols, without relying on a specific implementation or programming language.

Prerequisites

It would be best if you had a good understanding of the following:

The HTTP(s) protocol (including methods, headers, and cookies…)
How the web works in general
Some experience in developing backend web solutions

Agenda: Introduction to OpenID Connect and OAuth

In this course, we will cover the following:

Introduction

Authentication vs. Authorization
Our challenges
OAuth versions
OAuth vs. OpenID Connect

Towards OpenID Connect

Reference tokens
Bearer tokens

Token Service

Authorization Server
Relying party
ID token
Access token
Authentication architecture
Token endpoints
Discovery document

Implicit flow

How does this flow work
Why it is no longer a recommended flow

JWT tokens

ID token
JSON Web Tokens
JWT access tokens

Claims and scopes

What are claims?
Claim types
Scopes
User consent

Securing the token

Unsecure tokens
Signed tokens
Signature algorithms
Private/public keys
Encrypted tokens

Authorization Code Flow

Public vs. private clients
Front vs. back-channel

Client Credentials flow

Refresh tokens

And much more…

After this course

After this course, we recommend you look at the following related courses:

Utbildare

Tore Nestenius

Tore Nestenius är en uppskattad kursledare med en särskild förmåga att anpassa undervisningen efter varje deltagares behov. Han är skicklig på att förmedla kunskap på ett sätt som är lätt att förstå och tillämpa i praktiken.

I Tores kurser blandas teori med praktiska övningar, vilket ger deltagarna möjlighet att direkt använda det de lär sig. Med över 14 års erfarenhet inom områden som mjukvaruarkitektur, .NET, C#, ASP.NET Core och webbsäkerhet, är han en erfaren utbildare som engagerar och berikar sina kursdeltagare.

Dela:

Andra har även varit intresserade av dessa kurser:

Securing ASP.NET using OpenID Connect and IdentityServer

Today we face many authentication and authorization challenges when we’re designing and developing modern applications. The requirements are more challenging than ever, especially when we need to support everything from mobile and SPA applications, to microservices in the cloud. OpenID Connect is the de-facto standard we should use for handling authentication and authorization in modern applications. However, it can still be very confusing with all the various concepts, including scopes, claims, flows, resources and tokens. In this course, you will learn the following: How OAuth and OpenID Connect work together in detail How to set up an instance of IdentityServer How to secure ASP.NET Core applications using OpenID Connect and IdentityServer When we go through these things, we will not just configure some obscure magic libraries; instead, we will look under the hood of OpenID Connect and IdentityServer to understand what really makes them tick. We recommend that you have a good computer that can run multiple instances of Visual Studio and at least one big monitor. In this course, we use ASP.NET Core 7 and IdentityServer 6. After this course, we recommend you look at the course IdentityServer in Production, where we will teach you how to create a production-ready set-up of IdentityServer. This course contains a lot of hands-on practical exercises where you will learn how to work with OpenID Connect and the latest version of Duende IdentityServer version 6.

Remote

3 dagar13-15 May

26950 krELLER
3 training card days

Identity Server in Production

This course continues where our popular course Securing ASP.NET using OpenID Connect and IdentityServer with a clear focus on getting a complete IdentityServer architecture up and running in a real production environment. You will learn how to avoid many of the pitfalls and snags involved when you’re starting your deployment journey. When we say that this course is about deploying to production, we really mean it. In this course, we will deploy the services we create to the public internet, using real TLS certificates and automatic build/deployment. The solution you will deploy contains a client, an API, and a fully configured IdentityServer. We are especially proud that we don’t cheat or cut corners in this all-encompassing course. Instead, we will, for example: Store configuration data in a separate configuration service Create logs in a separate logging server for analytics and visualization Use real HTTPS certificates Create our own token signing keys Use continuous deployment to deploy our services This very hands-on course contains extensive exercises that will take you through all the steps involved in creating a successful identity solution.

Classroom
Remote

3 dagar

26950 krELLER
3 training card days

C# - Introduktion

This training gives you a solid foundation for working with C# and the .NET framework. The course goes through the basics of object orientation, syntax and structure, as well as how to use the large class library and the most common parts in it. The course alternates theory and practice to give you an overall picture that you can directly use in your own business after completing the training

Remote

3 dagar22-24 May

26950 krELLER
3 training card days

C# Avancerad

Efter att ha bekantat dig med grunderna i "C# Introduktion", är denna kurs en naturlig fortsättning. Men oroa dig inte om du hoppade över introduktionen – denna kurs fungerar utmärkt att studera fristående. Vi tar vår applikation (ett spel) till nästa nivå och integrerar följande koncept: Fördjupning inom objektorientering, klasser och egenskaper Testprojekt och testdriven utveckling (TDD) LINQ, delegater, events och lambdauttryck Asynkron programmering Repository Pattern och Entity Framework Design Patterns och Dependency Injection Interface, SOLID-principer och domändriven design (DDD) Attribut, Reflection och .NET-interoperabilitet När kursen avslutas kommer du att besitta djup kunskap i C# och dess avancerade funktioner och förmågan att skapa strukturerad och högkvalitativ kod: Lättläst och förståelig kod Modulär kod som enkelt kan utökas Kod som är enkel att testa Återanvändbar kod Vi lägger särskilt fokus på att skapa enhetstester för all kod vi skriver. Med hjälp av principerna från DDD säkerställer vi att koden är väl strukturerad och optimerad för testning. Målet är att koden vi skapar blir som lego - varje bit är självständig men kan samverka med andra bitar på otaliga sätt.

Remote

3 dagar29-31 May

26950 krELLER
3 training card days