Introduction to OAuth 2.0 and OpenID Connect
This page contains the resources for the talk titled 'Introduction to OAuth 2.0 and OpenID Connect'.
OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or access control in your applications. Even more confusing, OAuth is not a standard, and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - its a framework for delegation. So this leaves us with questions! What is delegation? Where does OAuth fit in? How can I securely use OAuth?
To add more confusion to this topic, OpenID Connect was built on top of OAuth 2.0. OpenID Connect has become an industry-leading standard for user identification. It is used by many of the largest organizations on the web. When implemented properly, OpenID Connect can be a reliable and secure solution for user identification. When used improperly, OpenID Connect can leave a gaping hole in your infrastructure that leaks significant capabilities to unwanted parties.
This talk will provide an introduction to both topics and what their intended use is really for.
About Dr. Philippe De Ryck
Philippe De Ryck helps developers protect companies through better web security. As the founder of Pragmatic Web Security, he travels the world to train developers on web security and security engineering. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. Google recognizes Philippe as a Google Developer Expert for his work on security in Angular applications.
Dr. Philippe De Ryck
Hi, I'm Philippe, and I help developers protect companies through better web security. As the founder of Pragmatic Web Security, I travel the world to teach practitioners the ins and outs of building secure software.
Talks and workshops
Getting security right is all about knowledge. I strongly believe in sharing that knowledge to move forward as a community. Among my resources, you can find developer cheat sheets, recorded talks, and extensive slide decks.
Subscribe to the Pragmatic Web Security mailing list to stay up to date on the latest activities and resources.