close search bar

Sorry, not available in this language yet

close language selection

OpenID Connect

Description

Single sign-on and federated identity on the web have long been a nightmare. Overly complex XML-based systems are hard to implement in an interoperable way. OAuth 2.0 seems like a good solution but was never built for authentication. As a consequence, many OAuth 2.0-based authentication systems are insecure.

Enter OpenID Connect. Designed for authentication and built on top of OAuth 2.0, OpenID Connect addresses many problems developers have struggled with over the years. This course positions OpenID Connect and explores how to authenticate end users against an identity provider. By applying these principles, you can significantly improve the architecture of your application.

 

Learning Objectives

  • Position OpenID Connect in the world of web-based delegation and identity federation systems
  • Implement a secure OpenID Connect flow for various types of web applications
  • Understand how identity providers offer SSO solutions and advanced session management mechanisms
  • Use dynamic discovery to load the necessary information from the identity provider
  • Use additional security features to fine-tune the security properties of OpenID Connect flows

Details

Delivery Format: eLearning

Duration: 1 Hour

Level: Advanced

Intended Audience: 

  • Back-end developers
  • Front-end developers
  • Enterprise developers
  • Architects
Competencies:
  • Basic understanding of web development and HTTP
  • Basic understanding of authentication and access control
  • Basic understanding of cryptography
  • Basic understanding of OAuth 2.0
Prerequisites:

 

Course Outline

Introduction to OpenID Connect
  • Single Sign-On and Federated Identity
  • Pseudo-Authentication with OAuth 2.0
  • OpenID Connect
  • OpenID Connect Alternatives

OpenID Connect Flows

  • The Authorization Code Flow
  • The Hybrid Flow
  • The Implicit Flow
  • The Password Flow

Authenticating End Users

  • Dissecting the Authentication Response
  • Validating an Identity Token
  • Providing Additional User Information
  • Querying the userinfo Endpoint
  • Client Control over Returned Claims

Single Sign-On with OpenID Connect

  • Using a Centralized Identity Provider
  • End-User Involvement
  • Session Management and Single Logout

Discovery and Dynamic Configuration

  • Discovering the OIDC Configuration
  • Discovering Key Material

Advanced OpenID Connect Topics

  • Using a Request Object
  • Encrypting Tokens and Responses
  • Client Registration

Concluding OpenID Connect

  • OpenID Connect Flows
  • End-User Authentication
  • Configurability and Control

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster