Course Outline
Introduction
- Overview of OAuth
- Understanding API security
OAuth
- Protocol endpoints
- Scope
- Authorization code for web apps
- Implicit flow for single-page apps
- Client credentials for machines
- Resource owner password credentials
- Long-lived access with refresh tokens
- Choosing the right response mode
- Simplifying OAuth with OAuth 2.1
Native Applications Best Practices
- Unique issues of native apps
- Using PKCE to handle stolen tokens
- Choosing the best redirect URI
Browser-based Application Best Practices
- The security profile of the browser-based app
- OAuth within the browser
- Avoiding OAuth with SameSite cookies
- Securing browser-based apps with backend for frontend
Extending OAuth
- OAuth and Identity with OpenID Connect
- Configuring clients with OAuth metadata
- Authorizing the IoT with the OAuth device flow
- Combining SAML and OAuth with the SAML assertion grant
- Securing Microservices with token exchange
Summary and Next Steps
Requirements
- Basic knowledge of web service and API development
Audience
- Developers
Testimonials
See above
Sharon Woodcock - KPMG LLP
Interaction between the trainer and other students. Size was about right.
Sajid Ibrahim - KPMG LLP
Trainer had very good rapport with the attendees. He used practical examples and videos to better explain the more complicated/stodgy subjects. Good use of visual aids to better enable understanding for visual learners such as myself.
KPMG LLP
The training was paced well and was very engaging. With some virtual training, it's very easy to 'switch off', however the content and presentation made the course enjoyable and interesting.
Victoria Orchard - KPMG LLP
Trainer's vast knowledge
FUJITSU TECHNOLOGY SOLUTIONS SP. Z O.O.
Examples provided
- Department for Communities
Depth and breadth of the course. Trainer was excellent also.
- Department for Communities
The delivery
- Department for Communities
Openness of trainer, his knowledge and especially real-world examples.
Joanna Banaszewska, EY GLOBAL SERVICES (POLAND) SP Z O O
The trainer has really good knowledge, clear English speech and explains everything in detail, draws schemes and provides documentation.
Rafal Kawalek - Joanna Banaszewska, EY GLOBAL SERVICES (POLAND) SP Z O O
He shared his experience in the industry and gave live examples and taught us even with a black board which was helpful.
Joanna Banaszewska, EY GLOBAL SERVICES (POLAND) SP Z O O
Real-life scenarios provided by trainer, like real-life implementations solutions etc.
Joanna Banaszewska, EY GLOBAL SERVICES (POLAND) SP Z O O
Materials, trainer attitude, tips and tricks shared.
Joanna Banaszewska, EY GLOBAL SERVICES (POLAND) SP Z O O
Knowledge of the trainer and the way he has delivered it. He was very interactive and kept the audience engaged.
Susmit Nath - Joanna Banaszewska, EY GLOBAL SERVICES (POLAND) SP Z O O
Sharing real world experience with the audience and real time drawing style.
Piotr Ponitka - Joanna Banaszewska, EY GLOBAL SERVICES (POLAND) SP Z O O
When Tony used examples or showed us kit or said things in his own words, he has lots to impart.
Khadija Ukadia, KPMG LLP
Trainer's experience was evident and his examples from personal experience helped frame the context of the course.
Khadija Ukadia, KPMG LLP
It is well structured.