OAuth 2.0: Nailed the core framework with hands dirty.
OAuth 2.0: Nailed the core framework with hands dirty is available at $19.99 and has an average rating of 4.6 based on 126 reviews, with 73 lectures and 728 subscribers.
You will learn how to create a personal OAuth 2.0 playground in a virtual machine, the fundamentals of the OAuth 2.0 framework, how to develop projects from scratch and secure them with OAuth 2.0, how to attack your own projects, how to apply some best practices like PKCE, a touch on OpenID Connect, and how to integrate our projects with GitHub’s OAuth application. This course is for a newcomer who wants to understand the core concept of OAuth. It doesn’t cover all the best practices of the IETF’s draft topic.
Summary
Title: OAuth 2.0: Nailed the core framework with hands dirty.
Price: $19.99
Average Rating: 4.6
Number of Lectures: 73
Number of Published Lectures: 73
Number of Curriculum Items: 73
Number of Published Curriculum Objects: 73
Original Price: $19.99
Quality Status: approved
Status: Live
What You Will Learn
- Create a personal OAuth 2.0 playground in a virtual machine.
- The fundamentals of the OAuth 2.0 framework.
- Develop projects from scratch and secure them with OAuth 2.0
- Attack your own projects
- Apply some best practices like PKCE.
- A touch on OpenID Connect.
- Integrate our projects with GitHub’s OAuth application.
Who Should Attend
- This course is for a newcomer who wants to understand the core concept of the OAuth.
- This course doesn’t cover all the best practices of the IETF’s draft topic.
In this course, we will start learning OAuth 2.0 by using a production-ready authorization server such as Keycloak. That sounds reasonable, but why do we do that?
Starting with a correct authorization server implementation keeps us from going the wrong way, because it ensures that the authorization server complies with the OAuth 2.0 specification. Besides, we can focus in peace on how a client communicates with the authorization server in the various flows that are available for us to learn and understand. At the end of the day, it is unlikely that anyone will use an authorization server written from scratch in production. More importantly, fundamentals are our first priority. We want to divide the huge concept and conquer pieces small enough to be easily comprehended from the ground up.
Hence we offload what we are not focusing on yet to another piece of software that we believe implements it correctly. Once we understand the ins and outs of all the relevant theory, our implementation will hardly go wrong if we really want to implement an authorization server ourselves. In addition, the authorization server is unarguably a complex system. So again, we won’t implement an authorization server in this course.
After that, we develop the OAuth 2.0 client and the protected resource. The protected resource will be a simple service that exposes APIs, which we then protect with the OAuth 2.0 framework. With a solid understanding of the fundamentals of how an authorization server behaves, plus familiarity with RFC 6749, we can at least implement a simple authorization server with joy.
Imagine that this course were designed in the opposite direction, guiding you to build the authorization server at the beginning. It would draw a lot of energy from us. It would keep us juggling all of OAuth’s roles at once, and we would possibly spend time correcting mistakes that come from misunderstanding the concept, so it could take longer to achieve the same goal. That is why this course is carefully designed to build a deep understanding of the OAuth 2.0 framework.
For more information and more specialty, please find my blog under my profile picture.
Course Curriculum
Chapter 1: Setup environment
Lecture 1: Course Overview.
Lecture 2: Why don’t we implement an authorization server?
Lecture 3: Choosing between Virtual Machine and Docker
Lecture 4: Planning Development Environment.
Lecture 5: Why don’t I provide a project code?
Lecture 6: Prerequisite checklist.
Lecture 7: Vagrant Up.
Lecture 8: Install Keycloak
Lecture 9: Configure Keycloak accessible from host OS.
Chapter 2: Building OAuth’s Client.
Lecture 1: What is OAuth’s Client
Lecture 2: Setup Golang Environment.
Lecture 3: “Hello world” Client-Server Web Application.
Lecture 4: Sketch out OAuth Client.
Lecture 5: Add admin user to Authorization Server.
Lecture 6: Register Client to OAuth server & Obtain Authorization code.
Lecture 7: Processing the Authorization Code response.
Lecture 8: Added Resource Owner Logout Functionality.
Lecture 9: Improve UI & Code Refactoring
Lecture 10: Adding CSS & Improve UI Layout with Bootstrap.
Lecture 11: Exchange for an Access token.
Lecture 12: Extracting Access token.
Lecture 13: Authorization code flow recap.
Lecture 14: Logging
Chapter 3: Building a Protected Resource.
Lecture 1: Protected Resource Overview
Lecture 2: Simple Unprotected Resource
Lecture 3: Client – Resource Communication.
Lecture 4: Protecting Resource
Lecture 5: Access Token Validation Theories.
Lecture 6: Access Token Validation implementation.
Lecture 7: Update the Client to send access token in the request.
Lecture 8: Enforce permission with Access Token Scopes
Lecture 9: Client handles the bad responses from a protected resource.
Lecture 10: Adding scopes to Client Application.
Lecture 11: Offline Access Token Validation Overview.
Chapter 4: Continue building OAuth’s Client the right way.
Lecture 1: Exchange for Access token after redirect.
Lecture 2: Remove Exchange Token Endpoint.
Lecture 3: Your client has a flaw. Fishing for authCode
Lecture 4: Protect your client from cross-site
Lecture 5: Authorization Code flow Summary
Chapter 5: Implicit Grant Flow
Lecture 1: Why implicit Grant
Lecture 2: Implicit Grant flow
Lecture 3: Build a client with React
Lecture 4: Setup React Router and code skeleton.
Lecture 5: Get access Token
Lecture 6: Store Access token in React
Lecture 7: Access protected resources
Lecture 8: Fixing CORS and uses Optional Scope parameter
Lecture 9: Render result in React
Lecture 10: Implicit grant flow Summary.
Chapter 6: Resource Owner Password Credentials Grant
Lecture 1: Resource Owner Password Credentials Grant Flow diagram.
Lecture 2: Resource Owner Password Credentials Grant Flow in action.
Lecture 3: When to use Resource Owner Password Credentials Grant
Chapter 7: Client Credential Grant
Lecture 1: Client credential grant flow.
Lecture 2: Client credential grant flow in action
Chapter 8: Extension Grants
Lecture 1: Extension grants
Chapter 9: Fine-grain Topics
Lecture 1: Refresh token
Chapter 10: Real-world Scenarios
Lecture 1: Use GitHub as Identity Provider (IdP)
Lecture 2: Bad service reuse Access Token problem.
Lecture 3: Solution for Bad service reuse Access Token problem
Lecture 4: Solution analysis for a reused access token.
Lecture 5: Build Evil service
Lecture 6: Protect Good Service From a call by evil service.
Lecture 7: Exercise: Handle unmarshal audience problem.
Lecture 8: Solution Handle unmarshalled audience problem.
Lecture 9: Consent.
Lecture 10: Understand OpenID Connect (OIDC) + Hands-on.
Lecture 11: Interception Attack And Proof Key for Code Exchange (PKCE).
Lecture 12: PKCE concept.
Lecture 13: PKCE in action.
Lecture 14: PKCE in action Continue.
Chapter 11: Course summary
Lecture 1: Course summary
Lecture 2: Useful links
Lecture 3: Thank you, but not goodbye.
Instructors
- Charnnarong Chomthiang, Software integration specialist
Rating Distribution
- 1 stars: 3 votes
- 2 stars: 3 votes
- 3 stars: 12 votes
- 4 stars: 46 votes
- 5 stars: 62 votes