Securing APIs with OAuth 2.0 (and OIDC)

Learn current best practices and trade-offs for securing APIs

OAuth 2.0 has become the de facto standard for securing modern APIs. OAuth 2.0 itself does not protect your API, but it provides you with a framework for making consistent authorization decisions for different types of clients. Before you get there, however, you will have to figure out a lot of details. Do you use reference tokens or self-contained tokens? What is token introspection, and do you need it? How do you revoke tokens? How do you secure server-to-server API calls?

In this session, we guide you through making these decisions. You will learn about reference tokens and self-contained tokens, along with their advantages and disadvantages. We dive into handling authorization with OAuth 2.0, using scopes and fine-grained permissions. We also dig deeper into using OAuth 2.0 to secure machine-to-machine communication between backend services. By the end of this session, you will have learned to tame the versatility of OAuth 2.0 to secure your APIs.

Stop struggling today!

Register now to access a crystal-clear explanation of OAuth 2.0 and OpenID Connect


What you will get ...

This course is the third module in the Mastering OAuth 2.0 and OpenID Connect course bundle. Purchasing the bundle gives you immediate access to 10+ hours of recorded live training material from May 2020.

Each of the three course modules in the bundle consists of recorded lectures and demos, along with an extensive Q&A.

The full course bundle is currently being rebuilt as a true online learning experience, with topical lessons, assessments, and course completion certificates. Signing up for this course gives you full access to the reworked course when it is released.

If you have further questions, don't hesitate to reach out (courses@pragmaticwebsecurity.com).