Introduction to OAuth 2.0 and OpenID Connect • Philippe De Ryck • GOTO 2018
HTML-код
- Опубликовано: 5 фев 2025
- This presentation was recorded at GOTO Berlin 2018. #gotocon #gotober
gotober.com
Philippe De Ryck - Founder of Pragmatic Web Security, Google Developer Expert @philippederyck2572
ABSTRACT
OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or an access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - its a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit [...]
Download slides and read the full abstract here:
gotober.com/20...
RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified • amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • amzn.to/3hXiAH6
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • amzn.to/2U8iLY2
/ gotocon
/ goto-
/ goto_con
/ gotoconferences
#OAuth2 #OAuth #OpenIDConnect #security #openID #PhilippeDeRyck
CHANNEL MEMBERSHIP BONUS
Join this channel to get early access to videos & other perks:
/ @goto-
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at gotopia.tech
Sign up for updates and specials at gotopia.tech/n...
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
www.youtube.co...
Brilliant. There are just talks or there is a presentation driven by someone who has the vast intention and willingness to transfer knowledge. That's what we have here. Thanks Philippe.
The best talk about OAuth and OIDC ever watched
Thank you. First talk in two weeks that has explained oidc
Man, I am glad that thing finally makes sense to me
Thank you.
By far the best session on OAuth2.0 available on youtube.
Finally an outstanding presentation that also explain the resource server perspective. Without doubt the best Oauth-2 presentation so far I have found on youtube.
A consolidated session. Thanks a lot Philippe and GOTO!
Thank you Philippe De Ryck for this excellent presentation!
This is a really clear explanation!
The best on the topic ! Philipe rocks !
I like this guy, he explain very well.
Really nice explanation on OIDC flow and what to do with the ID token
Small but important detail 41:16 he says there are only 3 flows but in reality OpenID Connect supports all OAuth 2.0 grant types including ROPC Grant and Client Credentials Grant.
Awesome explanation thanks Philippe
that's a very great explanation, man. thanks a lot.
In these diagrams, using the Twitter example, would "client" always refer to Buffer's back and and "resource server" always refer to Twitter's back end?
Outstanding presentation, thank you for sharing!
Endpoint should be /token instead of /auth at 17:26
Thanks
Perfect presentation.
Very good explanation. Thanks you.
I love GOTO; Intro
Very good presentation!
wonderful talk
Really well explained. Thank you!
very well presented, thanks!
Very good!
beautiful
very well explained
Excelent...
very helpful. thank you.
Can you give me that What is Client at 14 : 25 ?? Follow me it can Server API ?
Too bad he doesn't say anything about the Authorization Code Grant with Proof Key For Code Exchange (PKCE) flow because that is now the recommended flow for public clients instead of the implicit flow. And yes this was recommended before 2018.
Slides link pls
Hi there, thanks for your comment. If available the slides are linked in the video description. Here you go:
gotober.com/2018/sessions/653
Philippe De Ryck