Course Outline

Introduction

  • Overview of OAuth
  • Understanding API security

OAuth

  • Protocol endpoints
  • Scope
  • Authorization code for web apps
  • Implicit flow for single-page apps
  • Client credentials for machines
  • Resource owner password credentials
  • Long-lived access with refresh tokens
  • Choosing the right response mode
  • Simplifying OAuth with OAuth 2.1

Native Applications Best Practices

  • Unique issues of native apps
  • Using PKCE to handle stolen tokens
  • Choosing the best redirect URI

Browser-based Application Best Practices

  • The security profile of the browser-based app
  • OAuth within the browser
  • Avoiding OAuth with SameSite cookies
  • Securing browser-based apps with backend for frontend

Extending OAuth

  • OAuth and Identity with OpenID Connect
  • Configuring clients with OAuth metadata
  • Authorizing the IoT with the OAuth device flow
  • Combining SAML and OAuth with the SAML assertion grant
  • Securing Microservices with token exchange

Summary and Next Steps

Requirements

  • Basic knowledge of web service and API development

Audience

  • Developers
  7 Hours
 

Need help picking the right course?
Call us +971 4871 6715

Testimonials

I genuinely was benefit from the communication skills of the trainer.

Flavio Guerrieri

Loose way of driving

The delivery

- Department for Communities

Depth and breadth of the course. Trainer was excellent also.

- Department for Communities

Examples provided

- Department for Communities

Trainer's vast knowledge

FUJITSU TECHNOLOGY SOLUTIONS SP. Z O.O.

Loose way of driving

Related Courses

CISA - Certified Information Systems Auditor

  28 hours
Description: CISA® is the world-renowned and most popular certification for professionals working in the field of IS audit and IT risk consulting. Our CISA course is an intense, very competitive and exam focused training course. With
Read More...

Building up information security according to ISO 27005

  21 hours
This course will give you the skills to build up information security according to ISO 27005, which is dedicated to information security risk management based on ISO 27001.
Read More...

Open Data Risk Analysis and Management

  21 hours
Open Data is a concept of making data available to everyone for use without restrictions. This instructor-led, live training (online or onsite) focuses on analyzing the risks of Open Data while reducing vulnerability to disaster or data
Read More...

CISM - Certified Information Security Manager

  28 hours
Description: Disclaimer: Please be advised that this updated CISM exam content outline is applicable to exams starting 1 June 2022. CISM® is the most prestigious and demanding qualification for Information Security Managers around the
Read More...

CISMP - Certificate in Information Security Management Principles

  21 hours
A thorough, practical, 3 day course designed to provide the knowledge and skills required to manage information security, information assurance or information risk based processes. The CISMP course is aligned with the latest national
Read More...

Computer Room Security and Maintenance

  14 hours
Network security begins at the physical level. In this instructor-led, live training, participants will learn the security risks related to computer server rooms and how to tighten security through smart practices, planning and technology
Read More...

Cybersecurity Fundamentals

  28 hours
Description: Cybersecurity skills are in high demand, as threats continue to plague enterprises around the world. An overwhelming majority of professionals surveyed by ISACA recognise this and plan to work in a position that requires
Read More...

Honeywell Security System

  14 hours
Honeywell is a home and commercial security systems company that provides tools and options to automate system control and setup a sophisticated security system solutions that work seamlessly. This instructor-led, live training (online or onsite)
Read More...

Network Penetration Testing

  35 hours
This class will help the attendees to scan, test, hack and secure their own systems. To gain an in-depth knowledge and practical experience with the current essential security systems. The attendees will get to know how perimeter defences
Read More...

Public Key Infrastructure

  21 hours
The training is directed to all operating systems administrators, who plan to implement a public key infrastructure based on MS Windows Server 2012 R2 and plan to use qualified electronic signature certificates.  The participants will learn
Read More...

Security Management

  14 hours
Security management is the identification of any organization's assets and implementing of policies and procedures for asset protection, including buildings, systems, and people. This instructor-led, live training (online or onsite) is aimed
Read More...

Security Policy Management

  35 hours
Security policy management is the process of assessing, designing, and implementing rules and procedures at all levels of the organization to protect IT assets and resources. This instructor-led, live training (online or onsite) is aimed at IT
Read More...

DevOps Security: Creating a DevOps Security Strategy

  7 hours
DevOps is a software development approach that aligns application development with IT operations. Some of the tools that have emerged to support DevOps include: automation tools, containerization and orchestration platforms. Security has not kept up
Read More...

NB-IoT for Developers

  7 hours
NB-IoT allows IoT devices to operate over carrier networks such as GSM and "guard bands" between LTE channels. NB-IoT needs only 200kHz of bandwidth and can efficiently connect large numbers of endpoint devices (up to 50,000 per
Read More...