OAuth 2.0: Nailed the core framework with hands dirty.

KeyCloak, Golang, React + Router + Bootstrap, Github’s OAuth. OAuth 2.0 RFCs

Ratings 4.44 / 5.00

What You Will Learn!

  • Create a personal OAuth 2.0 playground in a virtual machine.
  • The fundamentals of the OAuth 2.0 framework.
  • Develop projects from scratch and secure them with OAuth 2.0.
  • Attack your own projects.
  • Apply some best practices like PKCE.
  • A touch on OpenID Connect.
  • Integrate our projects with Github’s OAuth application.

Description

In this course, we will start learning OAuth 2.0 by using a production-ready authorization server, Keycloak, right from the beginning. That sounds reasonable, but why do we do it this way?

Starting with a correctly implemented authorization server keeps us from heading in the wrong direction, because we can rely on it to comply with the OAuth 2.0 specification. It also lets us focus on how a client communicates with the authorization server in each of the available flows, which is what we are here to learn and understand. At the end of the day, it is unlikely that anyone will run an authorization server written from scratch in production, and more importantly, the fundamentals are our first priority. We want to divide this large subject into pieces small enough to be understood from the ground up, and conquer them one at a time.

Hence we offload what we have not yet focused on to a piece of software we trust to implement it correctly. Once we understand the ins and outs of all the relevant theory, our own implementation is unlikely to go wrong should we ever want to build an authorization server ourselves. In addition, an authorization server is unarguably a complex system. So, again, we will not implement an authorization server in this course.

Instead, we develop the OAuth 2.0 client and the protected resource. The protected resource will be a simple service that exposes APIs, which we then protect with the OAuth 2.0 framework. With a solid understanding of how an authorization server behaves, plus familiarity with RFC 6749, we can at least implement a simple authorization server with joy.

Imagine if this course were designed in the opposite direction, guiding you to start by building the authorization server. It would drain a lot of energy from us, keep us juggling all of OAuth's roles at once, and likely cost time correcting mistakes that stem from misunderstanding the concept, so reaching the same goal could take longer. That is why this course is carefully designed to build a deep understanding of the OAuth 2.0 framework.

For more information and more specialty, please find my blog under my profile picture.

Who Should Attend!

  • This course is for newcomers who want to understand the core concepts of OAuth.
  • This course doesn’t cover all of the best practices in the IETF’s OAuth draft documents.

Tags

  • OAuth

Subscribers

723

Lectures

73
