
The Nuts and Bolts of OAuth 2.0

Covering OAuth 2.0, OpenID, PKCE, deprecated flows, JWTs, API Gateways, and scopes. No programming knowledge needed
Bestseller
Rating: 4.7 out of 5 (598 ratings)
2,595 students
Created by Aaron Parecki
Last updated 12/2020
English
30-Day Money-Back Guarantee

What you'll learn

  • The basics of OAuth 2.0 and OpenID Connect
  • How to implement an OAuth client from scratch
  • Best practices for developing OAuth applications (server-side, native, and SPAs)
  • How to protect an API with JWT access tokens
Curated for the Udemy for Business collection

Requirements

  • A basic understanding of HTTP requests, responses, and JSON
  • Experience with Postman, curl, or any other HTTP client

Description

OAuth 2.0 has become the industry standard for providing secure access to web APIs, allowing applications to access users' data without compromising security. Companies around the world add OAuth to their APIs to enable secure access from their own mobile apps and third-party IoT devices, and even to provide access to banking APIs.

Security expert Aaron Parecki breaks down each of the OAuth flows (grant types) and applies them to use cases such as implementing OAuth for web apps, native apps, and SPAs. In addition to learning how applications can use OAuth to access APIs, you’ll learn how to use OpenID Connect to get the user’s identity.

If you're building an API, you'll learn the differences and tradeoffs between different access token formats, how to choose an appropriate access token lifetime, and how to design scopes to protect various parts of your APIs.

This course includes the latest recommendations from the OAuth working group, covering everything from using PKCE for all types of applications to explaining the motivations behind dropping the Implicit and Password grants from the spec. These security recommendations and more will be rolled up into the new OAuth 2.1 update, so this course will give you an excellent head start on learning the best way to use OAuth going forward!

By the end of this course, you’ll understand:

  • The problems OAuth was created to solve

  • The basics of OAuth 2.0 and OpenID Connect

  • Best practices for developing web-based and native OAuth apps

  • The difference between local and remote access token validation

  • How to validate JWT access tokens

And you’ll be able to:

  • Implement an OAuth client from scratch

  • Protect the OAuth flows in native and JavaScript apps

  • Use OpenID Connect to get the user’s name and email address

  • Protect an API with OAuth access tokens

  • Design scopes to protect various parts of your API

This course is for you because...

  • You’re a software architect, application developer, or technical decision maker

  • You work with APIs, web apps, mobile apps, or microservices

  • You want to deepen your understanding of application security and become a technical leader

Prerequisites

  • A basic understanding of HTTP requests, responses, and JSON

  • No programming language knowledge is necessary since the exercises can be completed without writing any code!

To follow along with the exercises, you'll also need:

  • Experience with Postman, curl, or any other HTTP client

  • A free Okta Developer account

This course also gives you exclusive access to an interactive web-based tool that will guide you through the exercises and give feedback along the way! It's like having the instructor provide real-time feedback as you are working through the exercises!

Who this course is for:

  • Software architects, application developers, or technical decision makers
  • API developers who want to better secure their APIs

Featured review

Tomáš Nesrovnal
12 courses
2 reviews
Rating: 5.0 out of 5, 2 months ago
Amazing course. I really liked how I could try all steps with Okta and "https://example-app.com/" (amazing domain name btw). It's really good to know how it works under the hood. This course is a great and complete introduction to OAuth 2.0.

Course content

16 sections • 51 lectures • 3h 32m total length

  • Preview 02:23
  • A Brief History of OAuth
    03:36
  • How OAuth Improves Application Security
    05:19
  • Preview 04:19
  • The Basics
    7 questions

  • Roles in OAuth
    04:46
  • Application Types
    04:55
  • User Consent
    05:37
  • Front Channel vs Back Channel
    06:13
  • Application Identity
    06:54
  • API Security Concepts
    10 questions

  • Introduction to OAuth Clients
    01:21
  • Preparing for the Exercises
    1 question

  • Registering an Application
    04:15
  • Authorization Code Flow for Web Applications
    11:01
  • OAuth for Web Server Applications
    1 question

  • The Unique Issues of Native Apps
    01:10
  • Redirect URLs for Native Apps
    03:34
  • Browser Security for Native Apps
    04:13
  • Authorization Code Flow for Native Apps
    09:07
  • Refresh Tokens for Native Apps
    04:10
  • Using Refresh Tokens
    1 question

  • Problems with the Browser Environment
    04:43
  • Authorization Code Flow for Single-Page Applications
    08:37
  • Protecting Tokens in the Browser
    05:19
  • Securing the Browser with a Backend
    02:30
  • OAuth for Single-Page Applications
    1 question

  • Limitations of IoT and Smarthome Devices
    03:53
  • Device Flow for Browserless Devices
    04:48

  • When to use the Client Credentials Grant
    02:27
  • Client Credentials Grant for Machine-to-Machine Applications
    02:04
  • Getting an Access Token with the Client Credentials Grant
    1 question

  • What is an ID Token
    03:34
  • How ID Tokens are Different from Access Tokens
    02:32
  • Obtaining an ID Token
    05:23
  • Hybrid OpenID Connect Flows
    04:29
  • Validating and Using an ID Token
    06:24
  • Getting the User's Name and Email Address using OpenID Connect
    1 question

  • Preview 01:17

Instructor

Aaron Parecki
OAuth Expert and Author
  • 4.7 Instructor Rating
  • 598 Reviews
  • 2,587 Students
  • 1 Course

Aaron Parecki is a Senior Security Architect at Okta. He is the author of OAuth 2.0 Simplified, a guide to building OAuth apps and servers. He regularly writes and gives talks about OAuth and online security, and is the editor of several specifications in the OAuth working group at the IETF. Aaron has spoken at conferences around the world about OAuth, data ownership, quantified self, and home automation, and his work has been featured in Wired, Fast Company and more.
