
Overview

Adarsh Kumar Maurya edited this page Dec 5, 2018 · 3 revisions

Agenda

Hi, and welcome to Introduction to OAuth2, OpenID Connect and JSON Web Tokens. That's a pretty long title, but it accurately describes what we're going to do over the next approximately two hours.

I want to introduce you to a set of new technologies that are designed to work together and build the security foundation for writing modern applications. First, I want to give you a high-level overview of these technologies: which technology to use in which situation, what the intention is, how they should be used, and so on.

One thing that both OAuth2 and OpenID have in common is that they deal with so-called security tokens. The de facto standard today when building new applications is the JSON Web Token, a security token format that is relatively new but works very well for our use cases here. So I'm going to first introduce you to that concept.

Then we have a look at OAuth2: what it's supposed to do and what it's not very good for. We look at the so-called OAuth flows, which are various protocol variations for how the parties that work together in OAuth2 interact. Afterwards we have a look at OpenID Connect, which is an authentication protocol that is built on top of OAuth2.

We also have two appendixes. When you look around on the Internet, you find a pretty extensive discussion of OAuth2 and its security properties, whether it's working or not, and there are all kinds of opinions about that. So I thought I should dedicate a whole appendix to that: we have a look at what people think is good and what people think isn't good, what my take on that is, and how to get a good understanding of where these things fit in. I also want to give you a little further reading list and some pointers to libraries, open source projects, and so on that are useful when working with these technologies.
