Securely Granting Access to an API Using OAuth 2.0


Modern web applications are often backed by APIs. These APIs depend on OAuth 2.0 to implement access control. Since OAuth 2.0 is a delegation framework, implementing access control is not as simple as it seems. In this course, we look at the architecture of a back-end application using OAuth 2.0. We investigate the security properties of different kinds of access tokens. We also look at the importance of token introspection, and how to use that data to make access control decisions.

Course Themes

  • The relationship between authentication, authorization, and OAuth 2.0
  • Fitting OAuth 2.0 into the security architecture of an API
  • Using the access token for authorization decisions

Learning Objectives

  • Explain the difference between the different flavors of access tokens.
  • Explain the role of a token introspection endpoint.
  • Define a custom set of scopes for fine-grained access control.
  • Secure access to an API using OAuth 2.0.


Delivery Format: eLearning

Duration: 45 minutes

Level: Intermediate

Intended Audience: 

  • Architects
  • Back-End Developers


  • Basic understanding of web mechanics
  • Basic understanding of OAuth 2.0 concepts

Prerequisites: OAuth 2.0 Security


Get more course information

250 / 250

More courses you might like