Introduction to OAuth 2.0 and OpenID Connect • Philippe De Ryck • GOTO 2018
Ғылым және технология
This presentation was recorded at GOTO Berlin 2018. #gotocon #gotober
gotober.com
Philippe De Ryck - Founder of Pragmatic Web Security, Google Developer Expert
ABSTRACT
OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or an access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - its a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit [...]
Download slides and read the full abstract here:
gotober.com/2018/sessions/653
RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified • amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • amzn.to/3hXiAH6
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • amzn.to/2U8iLY2
/ gotober
/ gotoconference
/ goto-
gotocon.com
#OAuth2 #OAuth #OpenIDConnect #security #openID
Looking for a unique learning experience?
Attend the next GOTO Conference near you! Get your ticket at gotocon.com
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
kzread.info...
Пікірлер: 36
The best talk about OAuth and OIDC ever watched
Brilliant. There are just talks or there is a presentation driven by someone who has the vast intention and willingness to transfer knowledge. That's what we have here. Thanks Philippe.
Man, I am glad that thing finally makes sense to me
Thank you. First talk in two weeks that has explained oidc
Thank you Philippe De Ryck for this excellent presentation!
A consolidated session. Thanks a lot Philippe and GOTO!
Thank you. By far the best session on OAuth2.0 available on youtube.
Finally an outstanding presentation that also explain the resource server perspective. Without doubt the best Oauth-2 presentation so far I have found on youtube.
I like this guy, he explain very well.
The best on the topic ! Philipe rocks !
This is a really clear explanation!
that's a very great explanation, man. thanks a lot.
Really nice explanation on OIDC flow and what to do with the ID token
Awesome explanation thanks Philippe
Perfect presentation.
Very good explanation. Thanks you.
Thanks
very well presented, thanks!
Really well explained. Thank you!
wonderful talk
Very good presentation!
Outstanding presentation, thank you for sharing!
very well explained
beautiful
very helpful. thank you.
Very good!
Small but important detail 41:16 he says there are only 3 flows but in reality OpenID Connect supports all OAuth 2.0 grant types including ROPC Grant and Client Credentials Grant.
Excelent...
I love GOTO; Intro
Endpoint should be /token instead of /auth at 17:26
Philippe De Ryck
Can you give me that What is Client at 14 : 25 ?? Follow me it can Server API ?
Too bad he doesn't say anything about the Authorization Code Grant with Proof Key For Code Exchange (PKCE) flow because that is now the recommended flow for public clients instead of the implicit flow. And yes this was recommended before 2018.
Slides link pls
@GOTO-
5 жыл бұрын
Hi there, thanks for your comment. If available the slides are linked in the video description. Here you go: gotober.com/2018/sessions/653