Course Outline

Introduction

  • Overview of OAuth
  • Understanding API security

OAuth

  • Protocol endpoints
  • Scope
  • Authorization code for web apps
  • Implicit flow for single-page apps
  • Client credentials for machines
  • Resource owner password credentials
  • Long-lived access with refresh tokens
  • Choosing the right response mode
  • Simplifying OAuth with OAuth 2.1

Native Applications Best Practices

  • Unique issues of native apps
  • Using PKCE to defend against intercepted authorization codes
  • Choosing the best redirect URI
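The module above covers PKCE for native apps. The following is an added worked example, not course material or code from any named project: a client generates a code verifier and S256 challenge per RFC 7636, and a hypothetical in-memory authorization server (the class name, the client id and the custom-scheme redirect URI are constructed for the illustration) binds the issued code to that challenge, so an attacker who intercepts the code on the redirect URI cannot redeem it, and a code cannot be redeemed twice.

```python
"""PKCE (RFC 7636) for the OAuth 2.0 authorization code grant, worked end to end.

Added illustration: the AuthorizationServer below is a hypothetical in-memory stand-in,
not a real library or a real server.
"""
import base64
import hashlib
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved URI set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url_nopad(data: bytes) -> str:
    """BASE64URL encoding without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """High-entropy secret that never leaves the client; 32 random bytes encode to 43 chars, the RFC minimum."""
    return b64url_nopad(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(code_verifier))). Only this value travels through the browser."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Hypothetical in-memory AS: binds each issued code to the challenge sent on the authorize request."""

    def __init__(self) -> None:
        self._pending = {}  # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, client_id: str, redirect_uri: str, code_challenge: str,
                  code_challenge_method: str = "S256") -> str:
        """Front channel: returns the authorization code that would be delivered to redirect_uri."""
        if code_challenge_method != "S256":
            raise ValueError("only S256 is accepted; 'plain' does not protect an intercepted code")
        code = secrets.token_urlsafe(32)
        self._pending[code] = (client_id, redirect_uri, code_challenge)
        return code

    def token(self, client_id: str, redirect_uri: str, code: str, code_verifier: str) -> dict:
        """Back channel: the code is single-use and redeemable only with the matching verifier."""
        entry = self._pending.pop(code, None)  # pop first, so a replayed code fails even if this call fails
        if entry is None:
            return {"error": "invalid_grant"}
        bound_client, bound_redirect, challenge = entry
        if client_id != bound_client or redirect_uri != bound_redirect:
            return {"error": "invalid_grant"}
        if not _VERIFIER_RE.match(code_verifier):
            return {"error": "invalid_request"}
        # Constant-time comparison of the recomputed challenge against the stored one.
        if not secrets.compare_digest(make_code_challenge(code_verifier), challenge):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer", "expires_in": 3600}


def run_flow(attacker_steals_code: bool = False) -> dict:
    """Drive one authorization code + PKCE exchange; optionally let an interceptor try the stolen code."""
    server = AuthorizationServer()
    client_id, redirect_uri = "native-app", "com.example.app:/callback"  # constructed values
    verifier = make_code_verifier()
    code = server.authorize(client_id, redirect_uri, make_code_challenge(verifier))
    if attacker_steals_code:
        # A malicious app registered for the same custom scheme receives the code,
        # but the verifier never left the legitimate app, so it can only guess.
        return server.token(client_id, redirect_uri, code, make_code_verifier())
    return server.token(client_id, redirect_uri, code, verifier)


if __name__ == "__main__":
    print("legitimate client:", run_flow())
    print("interceptor with stolen code:", run_flow(attacker_steals_code=True))
```

The `make_code_challenge` function reproduces the test vector in RFC 7636 Appendix B, so it can be checked against any conforming server. Note that the server pops the code before validating anything: if validation is done first and the code is only deleted on success, a failed attempt leaves the code live for another try.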

Browser-based Application Best Practices

  • The security profile of the browser-based app
  • OAuth within the browser
  • Avoiding OAuth with SameSite cookies
  • Securing browser-based apps with backend for frontend

Extending OAuth

  • OAuth and Identity with OpenID Connect
  • Configuring clients with OAuth metadata
  • Authorizing the IoT with the OAuth device flow
  • Combining SAML and OAuth with the SAML assertion grant
  • Securing Microservices with token exchange

Summary and Next Steps

Requirements

  • Basic knowledge of web service and API development

Audience

  • Developers

Duration

  7 hours
