Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Introduction
- Overview of OAuth
- Understanding API security
OAuth
- Protocol endpoints
- Scope
- Authorization code for web apps
- Implicit flow for single-page apps
- Client credentials for machines
- Resource owner password credentials
- Long-lived access with refresh tokens
- Choosing the right response mode
- Simplifying OAuth with OAuth 2.1
Native Applications Best Practices
- Unique issues of native apps
- Using PKCE to handle stolen tokens
- Choosing the best redirect URI
Browser-based Application Best Practices
- The security profile of the browser-based app
- OAuth within the browser
- Avoiding OAuth with SameSite cookies
- Securing browser-based apps with backend for frontend
Extending OAuth
- OAuth and Identity with OpenID Connect
- Configuring clients with OAuth metadata
- Authorizing the IoT with the OAuth device flow
- Combining SAML and OAuth with the SAML assertion grant
- Securing Microservices with token exchange
Summary and Next Steps
Requirements
- Basic knowledge of web service and API development
Audience
- Developers
7 Hours
Testimonials (1)
The oral skills and human side of the trainer (Augustin).