Philippe De Ryck

Hi, I'm Philippe, and I help developers protect companies through better web security. As the founder of Pragmatic Web Security, I travel the world to teach practitioners the ins and outs of building secure software.

Want to learn more about OAuth 2.0 and OpenID Connect?

Save yourself days of digging through dozens of specs with this online course

More information

A free introductory course on OAuth 2.0 and OpenID Connect

Everyone who first learns about OAuth 2.0 and OpenID Connect is confused. There are dozens of specifications with uncommon terminology and hard-to-understand scenarios. That's why I am excited to announce this free introductory course, which is the perfect starting point for your journey into OAuth 2.0 and OpenID Connect. More details are available in this article.

1 July 2020 OAuth 2.0 & OpenID Connect OAuth 2.0, OIDC, Online Courses

The short version: Here’s a direct link to the course.

The long version starts in May 2020, when I live-taught the Mastering OAuth 2.0 and OpenID Connect course. The three-part course started out with an introduction on OAuth 2.0 and OpenID Connect. The second module focused entirely on the secure use of OAuth 2.0 and OpenID Connect in Single Page Applications. In the third module, we took the perspective of the API and investigated how to secure APIs with access tokens.

The course helped a lot of people better understand OAuth 2.0 and OpenID Connect, and the feedback I received was overwhelmingly good. Even after the live sessions, people are interested in viewing the recordings to get an in-depth and unbiased look into the world of OAuth 2.0 and OpenID Connect.

While the content in these videos is great, I don’t believe that the long format offers the best learning experience. That’s why I decided to rework the entire course as a true online course. That means cutting up the content in smaller topics and re-recording each lecture and demo video. The more technical content chunks are written out in easy-to-digest guidelines. Additionally, labs give participants the ability to play around with OAuth 2.0 and OpenID Connect. Finally, knowledge checks and chapter assessments help participants verify if they fully grasped the topics we discussed.

As you can imagine, all of that is an insane amount of work. But with this article, I am happy to announce that the first module of the course is ready!. The Introduction to OAuth 2.0 and OpenID Connect course is available as an online course, free for anyone to follow!

The course contents

Let me tell you how I felt when I started digging into OAuth 2.0 and OpenID Connect a few years ago. I had a hard time understanding what OAuth 2.0 and OpenID Connect were supposed to solve. The terminology made it difficult to understand what the spec was even talking about. And the flows! Each use case had a different flow, and the differences between the flows are often tiny details.

This introductory course saves you those countless hours of frustratingly digging around for OAuth 2.0 and OpenID Connect to make sense. This course helps you understand what problems OAuth 2.0 and OpenID Connect are trying to solve. With that knowledge, you will gain a better understanding of what these technologies can do and how you can use them to secure an application. At the end of the course, you will have a basic understanding of OAuth 2.0 and OpenID Connect, giving you the perfect starting point to deepend your knowledge.

The course is divided into six content chapters:

  1. The conceptual idea of OAuth 2.0 and OIDC
  2. Using Oauth 2.0 with backend web clients
  3. Introducing OpenID Connect
  4. Mobile and native clients
  5. Frontend web clients
  6. Additional flows

Each of these chapters is divided into lessons, which consist of video lectures, written explanations, quiz-based assessments, and hands-on assignments. The course is designed to give you an optimal learning experience and allows you to self-assess your understanding of the covered topics.

Testimonials

Profile picture Jochen Hammann
Jochen Hammann

Mastering OAuth2 and OpenID Connect was one of the best courses I attended. Philippe is a great instructor. He has the gift of explaining complex topics in a very understandable and structured way. The presentations were perfectly prepared. I can recommend this course to anyone who is professionally involved with this topic. I am looking forward to the next course from Philippe. Great work. Thank you very much.

Profile picture Marlene Veum
Marlene Veum

Philippe is a gifted educator and technical security advisor! I recently enrolled in Philippe's "Introduction and Mastering OAuth 2.0 and OpenID Connect" online training courses and was very impressed with the content and technical depth covered in the course. I had been looking for a quality course in OAuth 2.0/OIDC, for developers, and nothing fit the bill from a security standpoint. In fact, I think there is a lot of misinformation in this area, and to be fair it is a complex domain.

Philippe’s training course is ideal for developers and security engineers. He never assumes prior knowledge and is careful to explain basic principles succinctly. He skillfully covers advanced topic by providing building blocks of knowledge throughout the course. Philippe also has excellent resources to support the training lectures and reinforce secure design principles. Thank you Philippe for providing high-quality and accurate security content and your passion to share it with others.

Profile picture Rocco Gränitz
Rocco Gränitz

There are many security experts but only a few have a talent for presentations and lectures.

I met Philippe as an outstanding expert and speaker at the SecAppDev conference he regularly organizes. This is why I was looking forward to this course and invited other colleagues of mine to participate in this course as well.

And he delivered :) I can say that the course is one of the best courses I have ever attended! Although I already knew a lot of the content, Philippe enriched the course with interesting examples and recent news from the OAuth Working Group. Philippe managed to reduce the complexity to the essentials and to explain complicated sounding schemes like PKCE in a clear and understandable way, even for non-technical people.

Highly recommended for all developers or security people who want to get a clear understanding of OAuth and OIDC.

Profile picture Bruno Winck
Bruno Winck

I came across this course by chance last week and jumped on the opportunity to join. I feel very lucky I did. Philippe knows his stuff and explains it well.

It's a complex domain, and it takes time to gather the documentation, process it, validate various resources, and try different options. This intensive course offers a shortcut. Within a few hours, we reached the master level. Even more advanced questions got answered in the Q&A. The content is also cutting edge, only a few days or weeks behind the last discussions of the working group, or the latest changes in browsers.

I now have the confidence to make design decisions, make implementations, and anticipate coming changes. Soon, I will even start using the advanced delegation scheme discussed at the end, which seemed far-fetched at the time. After hearing about it, it all just makes sense!

I would have never heard about it if it wasn't for Philippe's masterclass.

Why a free course?

OAuth 2.0 and OpenID Connect are rapidly gaining in popularity. Virtually every enterprise application is relying on OAuth 2.0 for delegated access and OpenID Connect for delegated authentication. Additionally, many frontend application scenarios are starting to use these technologies as well.

I know from first hand experience how difficult it can be to find your way in the confusing landscape of OAuth 2.0 and OpenID Connect. By making this course freely available, I am hoping to save thousands of developers from that same frustration. With a solid introduction to the core concepts and use cases, you can literally save weeks or months of research.

So what are you waiting for? Sign up now to start learning!

How to access the course

The full Introduction to OAuth 2.0 and OpenID Connect is available on my online course platform. To access the free course, you need to sign up as a learner first. Once you have done so, you will be able to enroll in the course and start learning.

What comes after the course?

When you’re done with the course, you will have a solid understanding of the purpose of OAuth 2.0 and OpenID Connect. You will also be up to speed with current best practices for a couple of scenarios.

At this point, I would like to ask you to share the course with your network so other people also have the opportunity to learn.

And if you are ready for more, then take a look at the Mastering OAuth 2.0 and OpenID Connect course bundle. The other modules in that course are available as a recorded lecture, but are being reworked into an online course. While we are working on that, you have the opportunity to purchase the entire bundle at a discount. Don’t miss that chance!



About Dr. Philippe De Ryck

Hi, I'm Philippe, and I help developers protect companies through better web security. Learn more about my security training program, advisory services, or check out my recorded conference talks.

Want to learn more about OAuth 2.0 and OpenID Connect?

Save yourself days of digging through dozens of specs with this online course

More information
Philippe De Ryck

Dr. Philippe De Ryck

Hi, I'm Philippe, and I help developers protect companies through better web security. As the founder of Pragmatic Web Security, I travel the world to teach practitioners the ins and outs of building secure software.


Talks and workshops

You will often find me speaking and teaching at public and private events around the world. My talks always encourage developers to step up and get security right.


Articles

Security is often about small nuances. In my articles, I dive deeper into various security topics, providing concrete guidelines and advice. My articles also answer questions I often get while speaking or teaching.


Security resources

Getting security right is all about knowledge. I strongly believe in sharing that knowledge to move forward as a community. Among my resources, you can find developer cheat sheets, recorded talks, and extensive slide decks.


Mailing list

Subscribe to the Pragmatic Web Security mailing list to stay up to date on the latest activities and resources.

Subscribe

\