Learn OAuth 2.0 - Get started as an API Security Expert

Imagine what could happen to your professional career as a Web Developer if you had skills in OAuth and API Security!
3.8 (152 ratings)
1,365 students enrolled Bestselling in OAuth 2.0
  • Lectures 44
  • Length 3.5 hours
  • Skill Level All Levels
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion

About This Course

Published 7/2015 English

Course Description


This course is based on the bestselling book "OAuth 2.0: Getting Started in Web-API Security". Before I tell you what is presented in the course, just read what the audience thinks about the book.

Excellent review of the underlying components of OAuth, and the methods of deploying and using it. Love the sequence diagrams. The explanations of the differences between the pattern use cases are most helpful.

***** 5 Stars by A. on April 22, 2015

Great Book: A clear explanation of OAuth and its authentication flows. It provided great descriptions of the OpenID Connect and SAML2 extensions.

***** 5 Stars by Donald E. L. on March 2, 2015

Brief explanation of OAuth but clear and straightforward.

***** 5 Stars by G. S. on February 12, 2015

Recent Updates

2017-01-19 Answered two new questions of my students in the Q&A 
2016-11-24 Answered five new questions of my students on OAuth and Angular JS
2016-07-12 Answered a new question of my students on Programming OAuth on iOS and Android
2016-07-06 Added Official IETF Specification Document for OAuth 2, RFC 6749
2015-07-30 Added Lecture on OAuth with Paypal
2015-07-28 Added Lecture on OAuth with Google and LinkedIn
2015-07-25 Added Lecture on OAuth with Facebook

This course is for you...

...if you want to improve your market value as a Software Engineer and Security Expert. Imagine what could happen to your professional career if you could add API Security and OAuth skills to your CV!

API Security experts and engineers who understand OAuth are in HIGH DEMAND, as companies expand their digital business. Plenty of opportunities are waiting for anyone who has the right skills.

Do you want to write best-selling iPhone and Android apps?

The most popular mobile apps integrate with popular social APIs of Google, LinkedIn, Facebook, Paypal and many more. If this is a well-known fact, why do app developers not just do it?

Many app developers are afraid of complicated OAuth integrations. Security is in fact the biggest hurdle for most mobile app developers.

With the knowledge gained in this course you can use the secret of the best app developers out there and finally integrate your app with social APIs.

Do you want to start out on your own, as an entrepreneur, consultant or freelancer?

Knowing API Security and OAuth allows you to realize the big vision of your company in the field of mobile apps, cloud apps and web APIs, such as Google, Paypal and LinkedIn.

Do you want to build exciting solutions with the next generation technology?

Whether you are a web developer, mobile developer or API developer, an architect or embedded developer for the Internet of Things, today you need to know OAuth to build state-of-the-art solutions.

What does this course offer?

This course offers an introduction to API Security with OAuth 2.0. In 3 hours you will gain an overview of the capabilities of OAuth. You will learn the core concepts of OAuth. You will get to know all 4 OAuth flows that are used in cloud solutions and mobile apps.

If you have tried to read the official OAuth specification, you may get the impression that OAuth is complex. This course explains OAuth in simple terms. The four OAuth flows are visualized graphically using sequence diagrams. The diagrams are then animated so you get to know the interactions step by step and see the big picture of the various OAuth interactions. This high-level overview is complemented with a rich set of example requests and responses and an explanation of the technical details.

Who should take this course?

You believe OAuth is complicated? OAuth may seem complex with flows and redirects going back and forth. This course will give you clarity by introducing the seemingly complicated material through many illustrations. These illustrations clearly show all the involved interaction parties and the messages they exchange.

You want to learn the OAuth concepts efficiently? This course uses many animated diagrams and sequence diagrams. A good diagram says more than 1000 words.

You want to use OAuth in your mobile app? If you want to access resources that are protected by OAuth, you need to get a token first, before you can access the resource. For this, you need to understand the OAuth flows and the dependencies between the steps of the flows.

You want to use OAuth to protect your APIs? OAuth is perfectly suited to protect your APIs. You can learn which OAuth endpoints need to be provided and which checks need to be made within the protected APIs.

What are the requirements?

  • You should be familiar with basic web service and API development
  • If you would like to use OAuth in a Mobile App, you should know how to develop for the respective platform. Mobile App Development is not covered in this course.

What am I going to get from this course?

  • Use OAuth to access Google, Paypal, LinkedIn and Facebook APIs
  • Use OAuth in Mobile Apps (client-side).
  • Use OAuth to protect your APIs and Cloud Solutions
  • Apply OAuth Best Practices.
  • Choose the correct OAuth flow for your use-case.
  • Know the OAuth Terminology: Actors, Endpoints, Tokens.
  • Use OAuth in Cloud Solutions (client-side).

Who is the target audience?

  • This course is for beginners in API Security and OAuth.
  • This course is not for you if you already know the four basic OAuth flows and how they are used.


Section 1: Introduction
Introduction: Preview of the Course
Introduction: What is covered in this course?
Introduction: Practice Part
Section 2: OAuth Big Picture
Example: OAuth for Third Party Access
Example: The Password Antipattern
Example: The Solution provided by OAuth 2.0
The Password Anti-Pattern
OAuth 2.0 Solution
OAuth Basics
3 questions
References to more Information on OAuth 2.0
Section 3: OAuth Components
Section Overview: OAuth Terminology
Overview of OAuth Actors
OAuth Actors in Detail
OAuth Endpoints
The Subway Ticket and the Token
Overview of OAuth Tokens and Credentials
OAuth Components
1 question
Section 4: OAuth Flows: Interactions between the OAuth Components
Example: Interaction of OAuth Components in an OAuth Flow
Overview of OAuth Flows
OAuth Flows
3 questions
Section 5: Authorization Code Flow
Usage Scenario and Features of this Flow
Authorization Code Flow: Authorization Endpoint
Authorization Code Flow: Token Endpoint and Resource Access
Section 6: Authorization Code Flow: Refresh Tokens
Usage Scenario and Features of the Refresh Flow
Authorization Code Flow: Refreshing Tokens
Section 7: Implicit Flow
Usage Scenarios and Features of the Implicit Flow
Section 8: Client Credentials Flow
Usage Scenarios and Features of the Client Credentials Flow
Section 9: Resource Owner Password Credentials Flow
Usage Scenarios and Features of the Resource Owner Password Credentials Flow
Section 10: Use OAuth to access Facebook
Intro to OAuth on Facebook
Hands On: OAuth Flow on Facebook
OAuth Worksheet for Facebook
Section 11: Use OAuth to access LinkedIn
Intro to OAuth on LinkedIn
Hands On: Client Registration on LinkedIn
Hands On: OAuth Flow on LinkedIn
OAuth Worksheet for LinkedIn
Section 12: Use OAuth to access GMail and other Google Products
Intro to OAuth on Google
Hands On: Client Registration on Google
Hands On: OAuth Flow on Google
OAuth Worksheet for Google
Hands On: The Google OAuth Playground
Section 13: Use OAuth to access Paypal
Intro to OAuth on Paypal
Hands On: Client Registration and OAuth Flow on Paypal
OAuth Worksheet for Paypal
Section 14: Conclusion
Thank you!
Other Learning Resources
Official IETF Specification Document for OAuth 2, RFC 6749

Instructor Biography

Matthias Biehl, Teacher at the API-University

For 7 years Matthias has done consulting work for large international and national companies on software architecture, software development processes and software integration. At some point he got a PhD. Nowadays, Matthias uses his background in software engineering to help companies bring innovative software solutions to the market.

Matthias enjoys sharing his knowledge and experience in the classroom, at in-person workshops, and through online courses and books. Matthias has published several books on software architecture and regularly speaks at technology conferences.
