Beskrivning

In this course, you will learn the following:

• Authentication vs. authorization
• How OAuth 2.x and OpenID Connect work
• Fundamental concepts
• How a client authenticates against an authorization server
• How to retrieve and consume JWT tokens
• How OpenID Connect fits into your architecture
• How the tokens are secured and managed

Target audience

Developers and architects who want to learn the fundamentals and how to protect applications using OAuth2 and OpenID Connect. This class focuses on the various standards and protocols, without relying on a specific implementation or programming language.

Prerequisites

It would be best if you had a good understanding of the following:

• The HTTP(s) protocol (including methods, headers, and cookies…)
• How the web works in general
• Some experience in developing backend web solutions

Agenda

In this course, we will cover the following:

• Introduction
  • Authentication vs. Authorization
  • Our challenges
  • OAuth versions
  • OAuth vs. OpenID Connect

• Towards OpenID Connect
  • Reference tokens
  • Bearer tokens

• Token Service
  • Authorization Server
  • Relying party
  • ID token
  • Access token
  • Authentication architecture
  • Token endpoints
  • Discovery document

• Implicit flow
  • How does this flow work
  • Why it is no longer a recommended flow

• JWT tokens
  • ID token
  • JSON Web Tokens
  • JWT access tokens

• Claims and scopes
  • What are claims?
  • Claim types
  • Scopes
  • User consent

• Securing the token
  • Unsecure tokens
  • Signed tokens
  • Signature algorithms
  • Private/public keys
  • Encrypted tokens

• Authorization Code Flow
  • Public vs. private clients
  • Front vs. back-channel

• Client Credentials flow
• Refresh tokens

And much more…

Kursen levereras i samarbete med

Kontakta oss om denna kurs