Common Mistakes and Misconceptions in Web App Security Using OAuth 2.0 and OpenID Connect

Offered By: NDC Conferences via YouTube

Course Description

Overview

Explore common mistakes and misconceptions in web application security using OAuth 2.0 and OpenID Connect in this comprehensive conference talk. Delve into the intricacies of authorization and authentication, examining how OAuth 2.0 and OpenID Connect (OIDC) address these challenges. Gain insights into potential pitfalls and misconceptions that developers may encounter when implementing these standards. Learn about client types, scopes, access tokens, JSON Web Tokens, OAuth endpoints, and grant types. Discover best practices for OAuth grants and understand concepts such as authorization code injection, PKCE, URIs, HTTP headers, reference tokens, and refresh tokens. Explore OpenID Connect scopes, endpoints, and the hybrid flow. Benefit from practical demonstrations using IdentityServer4, a popular open-source framework for OpenID Connect and OAuth 2.0 on ASP.NET Core.

Syllabus

Intro
Authentication and Authorization
OAuth and OpenID Connect
Terminology
Client Type
Public Client
Scopes
Access Tokens
JSON Web Token
OAuth endpoints
OAuth grant types
OAuth grant best practices
Authorization code injection
PKCE
URI
HTTP Header
Reference Token
Refresh Token
OpenID Connect
OAuth Scopes
OpenID Connect Endpoints
OpenID Connect Hybrid
Use Cases


Taught by

NDC Conferences
