Introduction to OAuth 2.0 and OpenID Connect

An overview of common use cases and current best practices

Everyone who first learns about OAuth 2.0 and OpenID Connect is confused. There are dozens of specifications with uncommon terminology and hard-to-understand scenarios. Eventually, you will have a working implementation, but questions remain. Why use the complicated redirect, instead of just a custom login form? Is this the right flow for my application? Where do I store tokens, and how can I protect them?

This introductory course helps you clear up the confusion surrounding OAuth 2.0 and OpenID Connect. You will learn about the purpose of these technologies and their concrete use cases. At the end of this session, you will understand how and where to use OAuth 2.0 and OpenID Connect.

Stop struggling today!

Start learning about OAuth 2.0 and OpenID Connect with this free introductory course
(signup required)

Course curriculum

Browse through the full course outline below

  • 1. Introduction

    • Course introduction

    • Course overview

    • Learner’s guide

  • 2. The conceptual idea of OAuth 2.0 and OIDC

    • Chapter introduction

    • The need for OAuth 2.0 and OIDC

    • The concept of OAuth 2.0 and OIDC

    • Terminology overview

    • Practical deployment scenarios

    • Setting up your own STS

    • Test your knowledge

  • 3. Using OAuth 2.0 with backend web clients

    • Chapter introduction

    • A backend client scenario

    • Client registration

    • Registering a backend client

    • The Authorization Code flow

    • The Authorization Code flow in practice

    • Running an Authorization Code flow

    • Test your knowledge

    • Using refresh tokens

    • The Refresh Token flow in practice

    • Running a Refresh Token flow

    • Test your knowledge

    • Recapping the Authorization Code flow

    • Overview of best practices

    • Chapter assessment

    • References

    • Q & A

    • Spread the word

  • 4. Introducing OpenID Connect

    • Chapter introduction

    • The need for OpenID Connect

    • Running an OIDC flow

    • OIDC in practice

    • Running an OIDC flow

    • Test your knowledge

    • User registration and authentication

    • Alternative OIDC flows

    • Overview of best practices

    • Chapter assessment

    • References

    • Q & A

  • 5. Mobile and native clients

    • Chapter introduction

    • A native client scenario

    • Introducing PKCE

    • The details behind PKCE

    • Running a flow with PKCE

    • Test your knowledge

    • Additional security considerations

    • Overview of best practices

    • Chapter assessment

    • References

    • Q & A

  • 6. Frontend web clients

    • Chapter introduction

    • A frontend client scenario

    • From the Implicit flow to PKCE

    • Comparing the Implicit flow to PKCE

    • Additional security considerations

    • Test your knowledge

    • Recapping PKCE for frontend web clients

    • Overview of best practices

    • Chapter assessment

    • References

    • Q & A

  • 7. Additional flows

    • Chapter introduction

    • Introducing the Device flow

    • The Client Credentials flow

    • Test your knowledge

    • References

    • Q & A

  • 8. Summary and conclusion

    • Summary

    • Conclusion

    • Spread the word

    • What’s next?

What you will get ...

By signing up, you get full access to the free Introduction to OAuth 2.0 and OpenID Connect course. That includes access to the lectures, demos, assignments, assessments, and more.

This free course is the first module in the Mastering OAuth 2.0 and OpenID Connect course bundle. The second module focuses on securing the use of OAuth 2.0 and OpenID Connect in Single Page Applications. The third module gives an in-depth look at securing APIs with OAuth 2.0. Access to the second and third modules is available by purchasing the course bundle.

If you have further questions, don't hesitate to reach out ([email protected]).

Testimonials

Student feedback on the Mastering OAuth 2.0 and OpenID Connect course bundle

Jochen Hammann

Technical lead at Servicetrace

Mastering OAuth 2.0 and OpenID Connect was one of the best courses I attended. Philippe is a great instructor. He has the gift of explaining complex topics in a very understandable and structured way. The presentations were perfectly prepared. I can recommend this course to anyone who is professionally involved with this topic.

I am looking forward to the next course from Philippe. Great work. Thank you very much.

Bruno Winck

Founder at Kneaver Corp

I came across this course by chance last week and jumped on the opportunity to join. I feel very lucky I did. Philippe knows his stuff and explains it well.

It's a complex domain, and it takes time to gather the documentation, process it, validate various resources, and try different options. This intensive course offers a shortcut.

Within a few hours, we reached the master level. Even more advanced questions got answered in the Q&A. The content is also cutting edge, only a few days or weeks behind the last discussions of the working group, or the latest changes in browsers.

I now have the confidence to make design decisions, make implementations, and anticipate coming changes. Soon, I will even start using the advanced delegation scheme discussed at the end, which seemed far-fetched at the time. After hearing about it, it all just makes sense!

I would have never heard about it if it wasn't for Philippe's masterclass.