Introduction to OpenID Connect and OAuth
OpenID Connect is the de facto standard for handling authentication and authorization in modern applications. However, it can still be complex and confusing because of its many interlocking concepts, including scopes, claims, flows, resources, and tokens.
In this course, you will learn the following:
- Authentication vs. authorization
- How OAuth 2.x and OpenID Connect work
- Fundamental concepts
- How a client authenticates against an authorization server
- How to retrieve and consume JWT tokens
- How OpenID Connect fits into your architecture
- How the tokens are secured and managed
This course includes many hands-on exercises that will help you understand how the protocol works under the hood, so you can get the best from it.
Training format
Remote
Length
1 day
Price
10950 kr
Target audience
Developers and architects who want to learn the fundamentals and how to protect applications using OAuth2 and OpenID Connect. This class focuses on the various standards and protocols, without relying on a specific implementation or programming language.
Prerequisites
You should have a good understanding of the following:
- The HTTP(s) protocol (including methods, headers, and cookies…)
- How the web works in general
- Some experience in developing backend web solutions
Agenda: Introduction to OpenID Connect and OAuth
In this course, we will cover the following:
Introduction
- Authentication vs. Authorization
- Our challenges
- OAuth versions
- OAuth vs. OpenID Connect
Towards OpenID Connect
- Reference tokens
- Bearer tokens
Token Service
- Authorization Server
- Relying party
- ID token
- Access token
- Authentication architecture
- Token endpoints
- Discovery document
Implicit flow
- How this flow works
- Why it is no longer a recommended flow
JWT tokens
- ID token
- JSON Web Tokens
- JWT access tokens
Claims and scopes
- What are claims?
- Claim types
- Scopes
- User consent
Securing the token
- Unsecured tokens
- Signed tokens
- Signature algorithms
- Private/public keys
- Encrypted tokens
Authorization Code Flow
- Public vs. private clients
- Front vs. back-channel
Client Credentials flow
Refresh tokens
And much more…
After this course
After this course, we recommend you look at the following related courses:
Instructor
Tore Nestenius
Tore Nestenius is a highly regarded instructor with a particular ability to adapt his teaching to each participant's needs. He is skilled at conveying knowledge in a way that is easy to understand and apply in practice.
Tore's courses mix theory with hands-on exercises, giving participants the opportunity to use what they learn right away. With more than 14 years of experience in areas such as software architecture, .NET, C#, ASP.NET Core and web security, he is an experienced trainer who engages and enriches his course participants.