Introduction to OpenID Connect and OAuth



Course provider: Glasspaper AS
Location: Oslo, Helsfyr
Course address: Brynsveien 12, 0667 Oslo
Type: Open course / group instruction
Class hours: 09:00 - 16:00
Duration: 1 day
Price: 9.900

OpenID Connect is the de-facto standard we should use for handling authentication and authorization in modern applications. However, it can still be very complex and confusing with all the various concepts, including scopes, claims, flows, resources, and tokens.

In this course you will learn the following:
Authentication vs. authorization
How OAuth 2.x and OpenID Connect work
Fundamental concepts
How a client authenticates against an authorization server
How to retrieve and consume JWT tokens
How OpenID Connect fits into your architecture
How the tokens are secured and managed
This course includes many hands-on exercises that will help you understand how the protocol works under the hood.

Prerequisites:
The HTTP(s) protocol (including methods, headers, and cookies…)
How the web works in general
Some experience in developing backend web solutions.

Target audience:
Developers and architects who want to learn the fundamentals and how to protect applications using OAuth2 and OpenID Connect. This class focuses on the various standards and protocols, not on a specific implementation or programming language.

Course content:
Introduction
Authentication vs. Authorization
Our challenges
OAuth versions
OAuth vs. OpenID Connect
Token Service
Authorization Server
Relying party
ID token
Access token
Authentication architecture
Token endpoints
Discovery document
Implicit flow
How does this flow work
Why it is no longer a recommended flow
JWT tokens
ID token
JSON Web Tokens
JWT access tokens
Claims and scopes
What are claims?
Claim types
Scopes
User consent
Securing the token
Unsecure tokens
Signed tokens
Signature algorithms
Private/public keys
Encrypted tokens
Authorization Code Flow
Public vs. private clients
Front vs. back-channel


Client Credentials flow
Refresh tokens
Proof Key for Code Exchange (PKCE)
Backend for Frontend (BFF)
OAuth 2.1
And much more…