OAuth 2.0 With OpenID Connect || Crash Course ||
Published 12/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 394.20 MB | Duration: 1h 18m
Learn OAuth 2.0 & OpenID for mobile apps and web apps, and learn about the security risks associated with each grant type.
What you'll learn
You will learn OAuth 2.0 in detail
You will learn OpenID Connect
You will learn OAuth fundamentals
You will learn about the different tokens used in OAuth
You will also learn authentication code
You will be able to learn authorization code
You will also learn about implicit flow
You will also learn all the different risks associated with the different grant types
You will also learn security considerations associated with OAuth 2.0
and much more
Requirements
No requirements
Description
Welcome, my name is Anwer Khan and I will be your instructor throughout this course. I will talk straight to the point, so we will cover more in less time. In this course, we'll talk about the most common and useful approach to securing access to our APIs, and that's OAuth 2.0. At first glance, OAuth seems hard, and it is, but we'll break it down into core concepts, and how and where to apply it. Yes, there's no one-size-fits-all solution. So, we'll cover the different flavors and extensions to OAuth 2.0 that help it address things that you probably haven't even considered.
OAuth 2.0, which stands for “Open Authorization,” allows third-party services to exchange your information without you having to give away your password. OAuth (Open Authorization) is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them the passwords. Generally, OAuth 2.0 provides clients "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without providing credentials.
More and more, APIs are the foundation of our experience. Whether we're building customer-facing mobile apps, updating existing web apps, integrating with that cool, new device, or thinking about microservices, we can't do that without APIs. Unfortunately, we rarely think about security and how we grant and revoke access. The consequences have already cost airlines, dating websites, and even governments hundreds of millions of dollars. You don't want to be next.
OAuth 2.0 is designed specifically to work with Hypertext Transfer Protocol (HTTP). OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.
So, this is the best course available on Udemy for OAuth 2.0. You will learn lots of new stuff that you have not considered. So, I hope to see you in this course. Thank you.
Overview
Section 1: Introduction
Lecture 1 What you need to know
Lecture 2 PreRequisites
Section 2: OAuth 2.0
Lecture 3 OAuth 2.0
Lecture 4 OAuth 2.0 extensions
Lecture 5 OAuth 2.0 with OpenID Connect
Section 3: Starting Concepts
Lecture 6 OAuth fundamentals
Lecture 7 OAuth endpoint
Lecture 8 Designing and using OAuth scopes
Section 4: Tokens
Lecture 9 OAuth 2.0 tokens
Lecture 10 Validating JWTs
Lecture 11 Access and refresh token
Lecture 12 Parsing and using ID tokens
Lecture 13 Handling token safely and securely
Section 5: Authorization Code
Lecture 14 Authorization code flow
Lecture 15 When should I use authorization code flow
Lecture 16 PKCE
Lecture 17 When should use PKCE
Lecture 18 Authorization code flow example
Lecture 19 Native App or SPA example
Lecture 20 Security considerations
Section 6: Implicit Flow
Lecture 21 Implicit flow
Lecture 22 When should use implicit flow
Lecture 23 Great example app
Lecture 24 Security considerations
Section 7: Grant Type Resource Owner Password
Lecture 25 Resource owner password
Lecture 26 When should we use it
Section 8: Clients Credential Flow
Lecture 27 Clients credential flow
Lecture 28 When should I use this
Section 9: Device Grant Type Flow
Lecture 29 Device flow overview
Lecture 30 When should you use this
Lecture 31 Build an example Kiosk
Lecture 32 Security considerations
Section 10: Using an OAuth
Lecture 33 OAuth recommendations
Who wants to learn OAuth 2.0, Who wants to learn all the different grant types of OAuth 2.0, Who wants to know all the different risks associated with the different grant types, Who wants to learn authentication and authorization, Software developers, Application developers, IT persons and teams, Software architects