Getting Started with OAuth 2.0

Focused View

Scott Brady

2:00:01

14 View

0. Course Overview

0. Course Overview.mp4

01:29

1. API Security 101

0. Introduction.mp4

01:32

1. A Problem of API Authorization.mp4

02:37

2. A Solution Credential Sharing.mp4

03:19

3. A Solution Cookies.mp4

01:06

4. A Solution API Keys.mp4

02:10

5. The Solution OAuth 2.0.mp4

05:31

6. Demo A Very Typical OAuth Flow.mp4

01:31

7. OAuth A Misunderstood Protocol.mp4

04:42

8. Summary.mp4

00:53

2. OAuth in Detail

0. Introduction.mp4

01:02

1. Protocol Endpoints.mp4

01:03

2. What Is a Scope.mp4

01:01

3. Authorization Code for Web Applications.mp4

07:46

4. Demo Authorization Code for Web Applications.mp4

02:10

5. Implicit Flow for Single Page Applications.mp4

06:24

6. Demo Implicit Flow for Single Page Applications.mp4

01:13

7. Client Credentials for Machines.mp4

02:28

8. Demo Client Credentials for Machines.mp4

00:38

9. Resource Owner Password Credentials for No One.mp4

02:57

10. Demo Resource Owner Password Credentials for No One.mp4

00:45

11. Long-lived Access with Refresh Tokens.mp4

05:21

12. Demo Long-lived Access with Refresh Tokens.mp4

01:18

13. Choosing the Right Response Mode.mp4

01:36

14. When Things Go Wrong.mp4

01:15

15. Simplifying OAuth with OAuth 2.1.mp4

01:41

16. Summary.mp4

01:22

3. Best Practices for Native Applications

0. Introduction.mp4

00:58

1. The Unique Issues of Native Applications.mp4

03:16

2. Dealing with Stolen Tokens Using PKCE.mp4

02:52

3. Choosing the Best Redirect URI.mp4

02:28

4. Not All Browsers Are Created Equally.mp4

03:18

5. Demo OAuth for Native Applications in Action.mp4

01:56

6. Summary.mp4

01:54

4. Best Practices for Browser-based Applications

0. Introduction.mp4

00:54

1. The Security Profile of a Browser-based Application.mp4

02:34

2. OAuth within the Browser.mp4

01:57

3. Avoid OAuth with SameSite Cookies.mp4

02:12

4. Secure Browser-based Applications with Backend for Frontend.mp4

01:08

5. Summary.mp4

01:02

5. Extending OAuth

0. Introduction.mp4

00:57

1. OAuth + Identity with OpenID Connect.mp4

08:05

2. Demo Identity with OpenID Connect.mp4

01:21

3. Automatically Configuring Clients with OAuth Metadata.mp4

01:36

4. Securely Authorizing the IoT with the OAuth Device Flow.mp4

06:29

5. Demo Device Flow in Action.mp4

01:47

6. Combining SAML and OAuth with the SAML Assertion Grant.mp4

02:42

7. Securing Microservices with Token Exchange.mp4

03:56

8. Summary.mp4

01:49

Description

OAuth 2.0 is the go-to solution for API security, bringing authorization and delegation to modern HTTP APIs. In this course, you'll learn the fundamentals of OAuth, allowing you to architect and implement the right solution for your requirements.

What You'll Learn?

OAuth 2.0 is the go-to solution for API security, bringing authorization and delegation to modern HTTP APIs. In this course, Getting Started with OAuth 2.0, you'll learn the fundamentals of OAuth and why it is preferred over past solutions. First, you'll explore each grant type and flow in detail, looking at their strengths and weaknesses, and when they should be used or not. Next, you'll take a close look at native applications such as mobile apps, and their unique security issues when using OAuth. Finally, you'll learn some common extensions to the OAuth protocols, such as OpenID Connect and the upcoming OAuth device flow. All of this will be covered without using any particular programming language or stack. When you're finished with this course, you will know how to integrate with any OAuth 2 authorization server and architect the right solution for you.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

REST API

Cyber Security

Network Security

Information Security

API

Scott Brady

Instructor's Courses

Scott Brady is a software developer specializing in identity and access management. Focusing on ASP.NET, Scott has increasingly found himself in undocumented territory, piecing together the facts and attempting to pass them on so that others don't have to go through the same. Scott currently work as a Senior Software Engineer for Rock Solid Knowledge and is a contributor to the IdentityServer OSS project, the leading OpenID Connect and OAuth framework for .NET.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.