Securely Granting Access to an API Using OAuth 2.0

Course Description

Modern web applications are often backed by APIs. These APIs depend on OAuth 2.0 to implement access control. Since OAuth 2.0 is a delegation framework, implementing access control is not as simple as it seems. In this course, we look at the architecture of a back-end application using OAuth 2.0. We investigate the security properties of different kinds of access tokens. We also look at the importance of token introspection, and how to use that data to make access control decisions.

Course Themes

  • The relationship between authentication, authorization, and OAuth 2.0
  • Fitting OAuth 2.0 into the security architecture of an API
  • Using the access token for authorization decisions

Learning Objectives

  • Explain the difference between the different flavors of access tokens.
  • Explain the role of a token introspection endpoint.
  • Define a custom set of scopes for fine-grained access control.
  • Secure access to an API using OAuth 2.0.

Details

Delivery: eLearning

Duration: 45 minutes

Level: Introductory

Intended Audience:

  • Back-End Developers
  • Architects

Competencies: 

  • Basic understanding of web mechanics
  • Basic understanding of OAuth 2.0 concepts

Prerequisites: 

Get more course information


250 / 250