Introduction to OAuth 2.0 and OpenID Connect • Philippe De Ryck • GOTO 2018

  • Published on 27 Sep 2024
  • This presentation was recorded at GOTO Berlin 2018. #gotocon #gotober
    gotober.com
    Philippe De Ryck - Founder of Pragmatic Web Security, Google Developer Expert
    ABSTRACT
    OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or an access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - it's a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit [...]
    Download slides and read the full abstract here:
    gotober.com/20...
    RECOMMENDED BOOKS
    Aaron Parecki • OAuth 2.0 Simplified • amzn.to/2A3IMOf
    Aaron Parecki • OAuth 2.0 Servers • amzn.to/3ecHEsz
    Aaron Parecki • The Little Book of OAuth 2.0 RFCs • amzn.to/3i7qnlC
    Erdal Ozkaya • Cybersecurity: The Beginner's Guide • amzn.to/2T6OIj3
    Richer & Sanso • OAuth 2 in Action • amzn.to/3hXiAH6
    Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • amzn.to/2U8iLY2

Comments • 36

  • @leo-phiponacci 8 months ago +1

    The best talk about OAuth and OIDC ever watched

  • @PaulVanBladel 3 years ago +11

    Brilliant. There are just talks or there is a presentation driven by someone who has the vast intention and willingness to transfer knowledge. That's what we have here. Thanks Philippe.

  • @VIJAYBVERMA 5 years ago +7

    Thank you.
    By far the best session on OAuth2.0 available on YouTube.

  • @ubaidullah3328 2 years ago

    Thank you. First talk in two weeks that has explained oidc

  • @albpace 5 years ago +6

    Finally an outstanding presentation that also explains the resource server perspective. Without doubt the best Oauth-2 presentation so far I have found on YouTube.

  • @islamh6042 2 years ago +1

    A consolidated session. Thanks a lot Philippe and GOTO!

  • @nikolassepos1640 3 years ago +2

    Thank you Philippe De Ryck for this excellent presentation!

  • @divabanyuwigara3562 4 years ago +5

    I like this guy, he explains very well.

  • @TanujitChowdhury 4 years ago +1

    Really nice explanation on OIDC flow and what to do with the ID token

  • @sudiptapal7606 4 years ago +2

    The best on the topic! Philippe rocks!

  • @tiwarivikash12 4 years ago +2

    Endpoint should be /token instead of /auth at 17:26

  • @maycon475 4 years ago +1

    Awesome explanation thanks Philippe

  • @MrOsefosef 1 year ago

    Small but important detail 41:16 he says there are only 3 flows but in reality OpenID Connect supports all OAuth 2.0 grant types including ROPC Grant and Client Credentials Grant.

  • @bipinkhatiwada 5 years ago +2

    that's a very great explanation, man. thanks a lot.

  • @iammen7 5 years ago +1

    Very good explanation. Thank you.

  • @mgrycz 4 years ago +1

    Perfect presentation.

  • @vadimemelin2941 2 years ago +2

    Man, I am glad that thing finally makes sense to me

  • @loginjones 5 years ago +1

    wonderful talk

  • @toriaezunama 5 years ago +3

    Really well explained. Thank you!

  • @Anon-tt9rz 5 years ago

    very well presented, thanks!

  • @jinxblaze 5 years ago +1

    beautiful

  • @nikitarungta3423 5 years ago

    very well explained

  • @ThePelcher 5 years ago

    Very good!

  • @tech.talk69 4 years ago

    Can you give me that What is Client at 14 : 25 ?? Follow me it can Server API ?

  • @sarinnawangkanai7768 1 year ago

    Philippe De Ryck

  • @ankitsolomon 5 years ago

    Slides link pls

    • @GOTO- 5 years ago +1

      Hi there, thanks for your comment. If available the slides are linked in the video description. Here you go:
      gotober.com/2018/sessions/653

  • @baolam4180 1 year ago +1

    Thanks

  • @maartenknf 3 years ago +2

    This is a really clear explanation!

  • @nullentrophy 3 years ago +1

    I love GOTO; Intro

  • @vincentbaeten173 4 years ago

    Too bad he doesn't say anything about the Authorization Code Grant with Proof Key For Code Exchange (PKCE) flow because that is now the recommended flow for public clients instead of the implicit flow. And yes this was recommended before 2018.

  • @rodolfopicoreti8115 5 years ago +1

    Excellent...

  • @daoudacamara5232 5 years ago

    Very good presentation!

  • @acsidaho 5 years ago

    very helpful. thank you.

  • @tibi536 5 years ago +2

    Outstanding presentation, thank you for sharing!