We provide a virtual course with an introduction to OpenID Connect and OAuth. OpenID Connect is the de facto standard we should use for handling authentication and authorization in modern applications.
Course description:
However, it can still be very complex and confusing with all the various concepts, including scopes, claims, flows, resources, and tokens. This course includes many hands-on exercises that will help you understand how the protocol works under the hood.
In this course you will learn the following:
• Authentication vs. authorization
• How OAuth 2.x and OpenID Connect work
• Fundamental concepts
• How a client authenticates against an authorization server
• How to retrieve and consume JWT tokens
• How OpenID Connect fits into your architecture
• How the tokens are secured and managed
Course content:
1) Introduction:
• Authentication vs. Authorization
• Our challenges
• OAuth versions
• OAuth vs. OpenID Connect
2) Token Service:
• Authorization Server
• Relying party
• ID token
• Access token
• Authentication architecture
• Token endpoints
• Discovery document
3) Implicit flow:
• How does this flow work
• Why it is no longer a recommended flow
4) JWT tokens:
• ID token
• JSON Web Tokens
• JWT access tokens
5) Claims and scopes:
• What are claims
• Claim types
• Scopes
• User consent
6) Securing the token:
• Unsecured tokens
• Signed tokens
• Signature algorithms
• Private/public keys
• Encrypted tokens
7) Client Credentials flow:
• Refresh tokens
• Proof Key for Code Exchange (PKCE)
• Backend for Frontend (BFF)
• OAuth 2.1
• And much more…
Instructor: Tore Nestenius
Tore has worked as a consultant since 1997. He is a very knowledgeable system developer and has in the past worked for large companies like Ericsson and Flextronics. Early in his career, Tore Nestenius started Programmers Heaven, a portal with over 750.000 monthly users. He's behind several other successful projects like CodePedia (a Wiki for developers), the Open Source project TNValidate, and the C# School e-book with over 100.000 downloads.
Target audience:
Developers and architects who want to learn the fundamentals and how to protect applications using OAuth2 and OpenID Connect. This class focuses on the various standards and protocols, not on a specific implementation or programming language.
Prerequisites:
• The HTTP(S) protocol (including methods, headers, and cookies)
• How the web works in general
• Some experience in developing backend web solutions
Language:
• English course material, English-speaking instructor