OAuth 2.0: Nailed the core framework with hands dirty.

KeyCloak, Golang, React + Router + Bootstrap, GitHub's OAuth, OAuth 2.0 RFCs
Rating: 4.0 out of 5 (85 ratings)
445 students
Created by Charnnarong Chomthiang
Last updated 6/2020
English

What you'll learn

  • Create a personal OAuth 2.0 playground in a virtual machine.
  • The fundamentals of the OAuth 2.0 framework.
  • Develop projects from scratch and secure them with OAuth 2.0.
  • Attack your own projects.
  • Apply some best practices like PKCE.
  • A touch on OpenID Connect.
  • Integrate our projects with GitHub's OAuth application.

Requirements

  • A machine that can run a virtual machine by VirtualBox.
  • Basic knowledge of programming.

Description

In this course, we start learning OAuth 2.0 by using a production-ready authorization server such as Keycloak right from the beginning. That sounds reasonable, but why do we do that?

By using a correctly implemented authorization server from the start, we avoid heading in the wrong direction, because we know the authorization server complies with the OAuth 2.0 specification. Besides, we can focus on how a client communicates with the authorization server in the various flows that are available and waiting for us to learn and understand. At the end of the day, it is unlikely that anyone will run an authorization server written from scratch in production. More importantly, fundamentals are our first priority: we want to divide the large concept into pieces small enough to be easily understood from the ground up.

Hence we offload what we have not focused on yet to another piece of software that we trust to implement it correctly. Once we understand the ins and outs of all the relevant theory, our implementation will hardly go wrong if we really want to implement an authorization server ourselves. In addition, an authorization server is unarguably a complex system. So again, we will not implement an authorization server in this course.

After that, we develop the OAuth 2.0 client and the protected resource. The protected resource is a simple service that exposes APIs, which we then protect with the OAuth 2.0 framework. With a solid understanding of the fundamentals of how an authorization server behaves, plus familiarity with RFC 6749, we can at least implement a simple authorization server with joy.

Imagine if this course were designed in the opposite direction, that is, guiding you to start by building the authorization server. It would draw a lot of energy from us, keep us juggling all of OAuth's roles at once, and possibly take time to correct mistakes arising from a misunderstanding of the concept, so it could take longer to reach the same goal. That is why this course is carefully designed to build a deep understanding of the OAuth 2.0 framework.

For more information and further specialties, please see my blog, linked under my profile picture.

Who this course is for:

  • This course is for newcomers who want to understand the core concepts of OAuth.
  • This course does not cover all the best practices from the IETF draft topics.

Course content

11 sections • 73 lectures • 6h 4m total length

  • Preview (02:50)
  • Why don't we implement an authorization server? (02:32)
  • Choosing between Virtual Machine and Docker (02:49)
  • Preview (03:33)
  • Why don't I provide a project code? (01:46)
  • Prerequisite checklist (00:35)
  • Preview (03:25)
  • Install KeyCloak (05:34)
  • Configure KeyCloak to be accessible from the host OS (05:13)

  • What is OAuth's Client (04:16)
  • Setup Golang Environment (04:01)
  • "Hello world" Client-Server Web Application (02:59)
  • Sketch out OAuth Client (06:21)
  • Add admin user to Authorization Server (04:17)
  • Register Client to OAuth server & Obtain Authorization code (16:46)
  • Processing the Authorization Code response (08:25)
  • Add Resource Owner Logout Functionality (05:12)
  • Improve UI & Code Refactoring (10:40)
  • Adding CSS & Improve UI Layout with Bootstrap (07:59)
  • Exchange for an Access token (10:24)
  • Extracting Access token (05:49)
  • Authorization code flow recap (01:28)
  • Logging (08:18)

  • Protected Resource Overview (00:38)
  • Simple Unprotected Resource (06:49)
  • Client – Resource Communication (12:30)
  • Protecting Resource (15:43)
  • Access Token Validation Theories (08:15)
  • Access Token Validation implementation (08:07)
  • Update the Client to send access token in the request (04:05)
  • Enforce permission with Access Token Scopes (13:56)
  • Client handles the bad responses from a protected resource (01:03)
  • Adding scopes to Client Application (02:05)
  • Offline Access Token Validation Overview (03:09)

  • Exchange for Access token after redirect (01:52)
  • Remove Exchange Token Endpoint (03:16)
  • Your client has a flaw: fishing for authCode (01:47)
  • Protect your client from cross-site (08:45)
  • Preview (00:56)

  • Why implicit Grant (01:18)
  • Implicit Grant flow (00:56)
  • Build a client with React (07:24)
  • Setup React Router and code skeleton (06:08)
  • Get access Token (03:44)
  • Store Access token in React (05:56)
  • Access protected resources (04:46)
  • Fixing CORS and using the optional scope parameter (05:33)
  • Render result in React (05:42)
  • Implicit grant flow Summary (01:01)

  • Resource Owner Password Credentials Grant Flow diagram (01:22)
  • Resource Owner Password Credentials Grant Flow in action (03:12)
  • When to use Resource Owner Password Credentials Grant (01:13)

  • Client credential grant flow (00:19)
  • Client credential grant flow in action (01:53)

  • Extension grants (05:53)

  • Refresh token (11:02)

  • Use GitHub as Identity Provider (IdP) (06:48)
  • Bad service reuses Access Token problem (01:28)
  • Solution for Bad service reuses Access Token problem (00:29)
  • Solution analysis for a reused access token (01:45)
  • Build Evil service (05:53)
  • Protect Good Service from a call by Evil service (11:56)
  • Exercise: Handle unmarshal audience problem (00:16)
  • Solution: Handle unmarshalled audience problem (15:32)
  • Consent (04:50)
  • Understand OpenID Connect (OIDC) + Hands-on (07:38)
  • Interception Attack and Proof Key for Code Exchange (PKCE) (02:30)
  • PKCE concept (04:02)
  • PKCE in action (07:18)
  • PKCE in action, continued (06:05)

Instructor

Charnnarong Chomthiang
Software integration specialist
  • 4.3 Instructor Rating
  • 207 Reviews
  • 1,914 Students
  • 3 Courses

Learning is probably one of the most pleasant activities and privileges available to a human being. Most of us are doing it every day. However, when it comes to technologies these days, there are many things to learn out there; what if there were a faster way to achieve the same goal?

Hi, I am Charnnarong Chomthiang. I grew up among unanswered mysterious stories since I was a child. That made me love to demystify the things around me, resiliently. And when I had a chance to learn about computer science, my destiny was discovered from then on.

When finding a different perspective on the same thing became my second-nature skill, I started turning the results of that into smiling faces around me by spreading new angles out to others.

To share that psychological moment even further, here I am. The place where I can release all my energy without holding it back.

For my professional background, please find my LinkedIn under the profile picture.


© 2021 Udemy, Inc.