Hi All - Use link below for my popular courses on Authentication
www.mudraservices.com/udemycoupon.html?course=oauth
www.mudraservices.com/udemycoupon.html?course=advo
www.mudraservices.com/udemycoupon.html?course=saml
For more of my courses, check out - www.mudraservices.com
Much needed discussion. In my initial days of learning OAuth I was confused. Now this video will help everyone who is in confusion while learning security frameworks. Especially the term enterprise authorisation will help them to distinguish between authentication and authorisation.
I agree. When I first came across OIDC, I could not figure out why this was called the Authorization server. It was not helping in any authorization activities that I was doing. The reason was I was looking at it from an Enterprise perspective. Reality dawned on me only when I understood what OAuth was all about.
That's why I made this video to clarify for others who have the same question.
Excellent teacher, best regards!
Glad you liked it!
Excellent! Basically every application has to do its own authorization. What you are calling 'Enterprise Authorization' is where LMS is authorizing the user to do something in the LMS app itself. Obviously, if the user wants to post his learning cert to LinkedIn - that is now an action he is taking in the LinkedIn app - and therefore LinkedIn has to do the authorization for that posting action. This is what you are calling OAuth Authorization. OAuth is the protocol that allows LMS to take the action ON BEHALF of the user, in the LinkedIn app. AUTHENTICATION, however, does not need to be done by the application itself (and is actually better if it is not) - and can instead be centralized in an IDENTITY MANAGEMENT application. Authentication can therefore be done either through a centralized Enterprise Identity Management solution (like Okta), or using social identities (like Google ID) which leverage the OpenID Connect protocol.