Modern web applications are often backed by an API. These APIs depend on OAuth 2.0 to implement access control. Since OAuth 2.0 is a delegation framework, implementing access control is not as simple as it seems. In this course, we look at the architecture of a back-end application using OAuth 2.0, and investigate the security properties of various kinds of access tokens. We also look at the importance of token introspection, and how to use that data to make access control decisions.
Delivery: eLearning
Duration: 1 hour 30 minutes
Level: Intermediate
Intended Audience
Prerequisites
Introduction
Authentication, Authorization, and OAuth 2.0
Different Access Token Types
Handling Incoming Access Tokens
Restricting Access Using Well-Defined Scopes
Implementing Access Control Using OAuth 2.0
Token Handling Pitfalls and Best Practices
More Advanced Topics
Equip development teams with the skills and education to write secure code and fix issues faster