Open Authentication (OAuth) Certificate for Mirosław Bielec
Certificate ID: 768851
Authentication Code: 75957
Certified Person Name: Mirosław Bielec
Trainer Name: Krzysztof Kwaśniewski
Duration Days: 1
Duration Hours: 7
Course Name: Open Authentication (OAuth)
Course Date: 20 June 2024 09:00 to 16:00
Course Outline:
Introduction
- Overview of OAuth
- Understanding API security
OAuth
- Protocol endpoints
- Scope
- Authorization code for web apps
- Implicit flow for single-page apps
- Client credentials for machines
- Resource owner password credentials
- Long-lived access with refresh tokens
- Choosing the right response mode
- Simplifying OAuth with OAuth 2.1
Native Applications Best Practices
- Unique issues of native apps
- Using PKCE to handle stolen tokens
- Choosing the best redirect URI
Browser-based Application Best Practices
- The security profile of the browser-based app
- OAuth within the browser
- Avoiding OAuth with SameSite cookies
- Securing browser-based apps with backend for frontend
Extending OAuth
- OAuth and Identity with OpenID Connect
- Configuring clients with OAuth metadata
- Authorizing the IoT with the OAuth device flow
- Combining SAML and OAuth with the SAML assertion grant
- Securing Microservices with token exchange
Summary and Next Steps