Introduction to OAuth 2.0 and OpenID Connect

A free 2-hour session on the concepts of OAuth 2.0 and OpenID Connect

Everyone who first learns about OAuth 2.0 and OpenID Connect is confused. There are dozens of specifications with uncommon terminology and hard-to-understand scenarios. Eventually, you will have a working implementation, but questions remain. Why use the complicated redirect, instead of just a custom login form? Is this the right flow for my application? Where do I store tokens, and how can I protect them?

This session helps you clear up the confusion surrounding OAuth 2.0 and OpenID Connect. You will learn about the purpose of these technologies and their concrete use cases. Using examples, we explore current best practice recommendations for using OAuth 2.0 and OpenID Connect. Throughout this session, we also identify which recommendations are likely to become part of the upcoming OAuth 2.1. At the end of this session, you will understand how and where to use OAuth 2.0 and OpenID Connect.

8 more hours of in-depth content in this online course on securing Single Page Applications and APIs with OAuth 2.0 and OpenID Connect!

More information

The latest PDF copy of the slides is available for download here. I have also answered most of the questions asked during the session.

Don't stop now. Keep learning about OAuth 2.0 and OIDC!

Check out the online course

Philippe delivers high-quality, to-the-point and up-to-date trainings about web security. We had him twice at our conference and got only very positive feedback. Are you considering booking him for a training? That's an easy decision: Do it.

Thomas Konrad
Organizer of the sec4dev conference