Course Outline

Introduction

  • Overview of OAuth
  • Understanding API security

OAuth

  • Protocol endpoints
  • Scope
  • Authorization code for web apps
  • Implicit flow for single-page apps
  • Client credentials for machines
  • Resource owner password credentials
  • Long-lived access with refresh tokens
  • Choosing the right response mode
  • Simplifying OAuth with OAuth 2.1

Native Applications Best Practices

  • Unique issues of native apps
  • Using PKCE to handle stolen tokens
  • Choosing the best redirect URI

Browser-based Application Best Practices

  • The security profile of the browser-based app
  • OAuth within the browser
  • Avoiding OAuth with SameSite cookies
  • Securing browser-based apps with backend for frontend

Extending OAuth

  • OAuth and Identity with OpenID Connect
  • Configuring clients with OAuth metadata
  • Authorizing the IoT with the OAuth device flow
  • Combining SAML and OAuth with the SAML assertion grant
  • Securing Microservices with token exchange

Summary and Next Steps

Requirements

  • Basic knowledge of web service and API development

Audience

  • Developers
  7 Hours
 

Number of participants


Starts

Ends


Dates are subject to availability and take place between 09:30 and 16:30.
Open Training Courses require 5+ participants.

Testimonials (2)

Related Courses

CISA - Certified Information Systems Auditor

  28 Hours

Related Categories