- Videos: 153
- Views: 1,270,804
Jan Goebel
Germany
Joined 6 Jan 2019
Building real-world, production-ready applications. Opinions are my own.
Portfolio: jangoebel.com
Blog: productioncoder.com
OAuth 2.0 - a dead simple explanation
X: _jgoebel
Website: jangoebel.com
00:00 What is OAuth 2.0?
00:13 What problem does OAuth 2.0 solve?
02:04 OAuth 2.0 Client Registration
03:06 OAuth 2.0 Confidential vs. public clients
04:21 OAuth 2.0 Authorization Code Grant
06:43 OAuth 2.0 Access and Refresh Tokens and JWTs
08:03 OAuth 2.0 Grant types: client credentials grant, implicit grant, resource owner password grant, device grant
09:03 Outro
OAuth 2.0 is an "authorization framework [that] allows third party applications to get limited access to an HTTP service" (RFC 6749).
OAuth 2.0 is all about giving third party applications limited access to APIs. Prior to OAuth 2.0, the third party would have asked for the user's credential...
Views: 19,438
Videos
What is the difference between a PUT and a PATCH request?
9K views, 1 year ago
🔥More exclusive content: productioncoder.com/you-decide-what-we-build-next Twitter: _jgoebel Website: jangoebel.com Blog: productioncoder.com PATCH RFC: datatracker.ietf.org/doc/html/rfc5789#section-9.1 The PUT HTTP verb is used to create or replace the resource under a specific URI completely. In case the resource under a particular URI already exists, it will be completely overwri...
What is a hash function?
2.5K views, 2 years ago
A hash function is a function on a bit string that produces an output of fixed length. The goal of hash functions is to avoid collisions as much as possible. Typically the moment a collision is found in a modern hash function, this particular ...
What is the difference between data authenticity and data integrity?
1.3K views, 2 years ago
Data Authenticity is the property that data comes from its purported source. Data Authenticity is violated if a message is not coming from the person you expect it to come from. Data Integrity is the property that data has not been altered or ...
What's the difference between Authentication vs Authorization?
3.5K views, 2 years ago
Authentication is the process of verifying the identity of a user, process or device, often as a prerequisite to allowing access to resources in an information system. If you are trying to enter a country, the border officer is essentially per...
What is the difference between URI, URL and URN?
5K views, 2 years ago
URN RFC: datatracker.ietf.org/doc/html/rfc8141 URI RFC: datatracker.ietf.org/doc/html/rfc3986 00:00 What is a URI? 00:39 What is a URL? 01:13 What is a URN? URI stands for Uniform Resource Identifier and is an identifier for a physical or abst...
OAuth 2.0 Pushed Authorization Requests
3.5K views, 2 years ago
PAR RFC: www.rfc-editor.org/rfc/rfc9126.html When authorizing a natural person with the authorization code grant in OAuth 2.0, the initial request parameters are sent via the browser's bar (front channel). This poses several challenges 1. no a...
OAuth2 Resource Indicators
1.4K views, 2 years ago
Resource Indicators RFC: datatracker.ietf.org/doc/html/rfc8707 00:00 What are OAuth2 resource indicators and why are they useful? 01:50 OAuth 2.0 Resource Indicators with JWTs 04:07 Conclusion Resource Indicators are a way for an OAuth2 client...
OpenID Connect client authentication: client_secret_jwt and private_key_jwt
4.6K views, 2 years ago
OpenID core spec: openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication 00:00 client authentication for confidential clients in OAuth 2 and OpenID Connect 01:10 OpenID Connect client_secret_jwt client authentication 03:53 OpenID C...
OpenID Connect client authentication: basic auth and client secret post
2.7K views, 2 years ago
Link to OAuth 2.0 Core RFC: datatracker.ietf.org/doc/html/rfc6749#section-2.3 00:00 Client Authentication in OAuth and OpenID Connect 00:28 Using HTTP Basic Auth (client_secret_basic) to authenticate to the authorization server 01:01 client_se...
OAuth 2.0 mutual client authentication (mTLS)
9K views, 2 years ago
OAuth mTLS RFC: tools.ietf.org/html/rfc8705 00:00 Client Authentication between client and OAuth authorization server 01:41 OAuth 2.0 mutual TLS (mTLS) 04:43 OAuth 2.0 Certificate-Bound Access tokens with mutual TLS 05:59 Binding an access tok...
OAuth 2.0 JWT-secured Authorization Requests (JARs)
3.4K views, 2 years ago
JWT-secured authorization requests RFC: datatracker.ietf.org/doc/html/rfc9101 00:00 Introduction to authorization requests in OAuth 01:37 What are JWT-secured authorization requests? 02:32 Using JWEs to encrypt authorization requests 04:24 JWT...
What are Bearer Tokens?
23K views, 2 years ago
OAuth 2 Bearer Token Usage: datatracker.ietf.org/doc/html/rfc6750 00:00 What are Bearer tokens? 01:43 Proof of Possession would increase security Bearer tokens are commonly used for authorization and authentication on the web. If a token is a ...
OAuth 2.0 Dynamic Client Registration Management
1.9K views, 2 years ago
OAuth Dynamic Client Registration Management Protocol: datatracker.ietf.org/doc/html/rfc7592 00:00 What is OAuth Dynamic Client Registration Management? 01:01 OAuth Client Configuration Endpoint and registration access token 01:40 Reading, upd...
Unsecured JWTs are a huge security vulnerability
1.2K views, 2 years ago
HTTP structured field values: standardizing HTTP headers and trailers
536 views, 2 years ago
OpenID Connect vs OAuth | OpenID Connect explained
39K views, 2 years ago
HS256 vs RS256 with JSON Web Tokens (JWTs)
2.8K views, 2 years ago
Well explained and good presentation, Thanks