Udemy

The Nuts and Bolts of OAuth 2.0

Covering OAuth 2.0, OpenID, PKCE, deprecated flows, JWTs, API Gateways, and scopes. No programming knowledge needed
Bestseller
Rating: 4.6 out of 5 (3,508 ratings)
13,548 students
Created by Aaron Parecki
Last updated 12/2020
English

What you'll learn

  • The basics of OAuth 2.0 and OpenID Connect
  • How to implement an OAuth client from scratch
  • Best practices for developing OAuth applications (server-side, native, and SPAs)
  • How to protect an API with JWT access tokens

Requirements

  • A basic understanding of HTTP requests, responses, and JSON
  • Experience with Postman, curl, or any other HTTP client

Description

OAuth 2.0 has become the industry standard for providing secure access to web APIs, allowing applications to access users' data without compromising security. Companies around the world add OAuth to their APIs to enable secure access from their own mobile apps and third-party IoT devices and even access to banking APIs.

Security expert Aaron Parecki breaks down each of the OAuth flows (grant types) and applies them to use cases such as implementing OAuth for web apps, native apps, and SPAs. In addition to learning how applications can use OAuth to access APIs, you’ll learn how to use OpenID Connect to get the user’s identity.

If you're building an API, you'll learn the differences and tradeoffs between different access token formats, how to choose an appropriate access token lifetime, and how to design scopes to protect various parts of your APIs.

This course includes the latest recommendations from the OAuth working group, covering everything from using PKCE for all types of applications to the motivations behind dropping the Implicit and Password grants from the spec. These security recommendations and more will be rolled up into the new OAuth 2.1 update, so this course will give you an excellent head start on learning the best way to use OAuth going forward!

By the end of this course, you’ll understand:

  • The problems OAuth was created to solve

  • The basics of OAuth 2.0 and OpenID Connect

  • Best practices for developing web-based and native OAuth apps

  • The difference between local and remote access token validation

  • How to validate JWT access tokens

And you’ll be able to:

  • Implement an OAuth client from scratch

  • Protect the OAuth flows in native and JavaScript apps

  • Use OpenID Connect to get the user’s name and email address

  • Protect an API with OAuth access tokens

  • Design scopes to protect various parts of your API

This course is for you because...

  • You’re a software architect, application developer, or technical decision maker

  • You work with APIs, web apps, mobile apps, or microservices

  • You want to deepen your understanding of application security and become a technical leader

Prerequisites

  • A basic understanding of HTTP requests, responses, and JSON

  • No programming language knowledge is necessary since the exercises can be completed without writing any code!

To follow along with the exercises, you'll also need:

  • Experience with Postman, curl, or any other HTTP client

  • A free Okta Developer account

This course also gives you exclusive access to an interactive web-based tool that will guide you through the exercises and give feedback along the way! It's like having the instructor provide real-time feedback as you are working through the exercises!

Who this course is for:

  • Software architects, application developers, or technical decision makers
  • API developers who want to better secure their APIs

Featured review

Tomáš Nesrovnal (17 courses, 2 reviews)
Rating: 5.0 out of 5, a year ago
Amazing course. I really liked how I could try all steps with Okta and "https://example-app.com/" (amazing domain name btw). It's really good to know how it works under the hood. This course is a great and complete introduction to OAuth 2.0.

Instructor

Aaron Parecki
OAuth Expert and Author
  • 4.6 Instructor Rating
  • 3,508 Reviews
  • 13,530 Students
  • 1 Course

Aaron Parecki is a Senior Security Architect at Okta. He is the author of OAuth 2.0 Simplified, a guide to building OAuth apps and servers. He regularly writes and gives talks about OAuth and online security, and is the editor of several specifications in the OAuth working group at the IETF. Aaron has spoken at conferences around the world about OAuth, data ownership, quantified self, and home automation, and his work has been featured in Wired, Fast Company and more.

© 2022 Udemy, Inc.