Advanced OAuth Security
Advanced OAuth Security
.MP4, AVC, 1280x720, 30 fps | English, AAC, 2 Ch | 1h 42m | 1.67 GB
Instructor: Aaron Parecki
.MP4, AVC, 1280x720, 30 fps | English, AAC, 2 Ch | 1h 42m | 1.67 GB
Instructor: Aaron Parecki
Learn the high-security OAuth extensions described in FAPI: PAR, JAR, JARM, DPoP, Mutual TLS, and HTTP Signatures
What you'll learn
- How to leverage the advanced OAuth specifications for high-security applications
- Learn the details of the FAPI specifications, including the FAPI Security Profile and FAPI Message Signing
- Learn the purpose of JAR, JARM, MTLS, DPoP, HTTP Signatures, and Non-Repudiation
- How to apply HTTP Message Signing and JWTs to achieve non-repudiation for every role in an OAuth exchange
Description
Certain applications need a higher level of security compared to what is part of the core OAuth 2.0 specifications. This course will guide you through the details of FAPI, a set of extensions of OAuth 2.0 that provide additional layers of security throughout the OAuth flows.
This course covers the extensions of OAuth developed by the OAuth Working Group at the IETF as well as the OpenID Foundation, including:
- PKCE
- Authorization Server Issuer Identifier
- Pushed Authorization Requests (PAR)
- Mutual TLS (MTLS)
- Private Key JWT
- Demonstration of Proof of Possession (DPoP)
- JWT Response for OAuth Token Introspection
- JWT-Secured Authorization Requests (JAR)
- JWT-Secured Authorization Response Mode (JARM)
- HTTP Signatures
This course is for you because…
- You've got a solid understanding of the basics of OAuth, and
- You're looking to take your knowledge to the next level
- You want to ensure the systems you're building are up to the industry standards in security
- You want to deepen your understanding of application security and become a technical leader
Prerequisites
- An understanding of HTTP requests, responses, and JSON
- A basic understanding of JSON Web Tokens (JWT)
- Familiarity with the OAuth authorization code flow
This course also gives you exclusive access to an interactive web-based tool that will guide you through the exercises and give feedback along the way! It's like having the instructor provide real-time feedback as you are working through the exercises!
Who this course is for:
- Software architects, application developers, or technical decision makers
- API developers who want to better secure their APIs
- Developers and software architects working in high-security fields working with financial or medical records
Advanced OAuth Security
