Description:
OAuth 2.0 is an authorization framework that is used extensively on the Internet. With extensions, it can be used to implement single sign-on (SSO), where a user who logs in to one web site can interact with other web sites as a logged-in user without retyping a username and password. OAuth 2.0 provides more than SSO: a user can allow an application A to access web application B on the user's behalf without giving A the user's username and password. Application A can be a web application, a desktop application or even a mobile application. Both A and B, however, need to interact with what is known as an authorization server, which the user trusts.
Today, many mobile applications communicate with web-based APIs. OAuth 2.0 can be used to secure those APIs as well, while benefiting from the features OAuth 2.0 provides.
In this training, we investigate how OAuth 2.0 works and experiment with basic implementations of an OAuth 2.0 authorization server, a client and a resource server. The demonstrations are done in PHP, though the concepts learnt apply to other languages as well.
Target Groups:
- Web application developers
- Mobile application developers
- Information systems security professionals
Prerequisites:
- Some familiarity with how web applications work.
Communication Language:
English
Duration:
3 Hours
Training Fee:
Rs. 5000/= (LKR) per participant when the training is publicly scheduled by us.
Visit this page for the fee if this training is scheduled on special request.
Facilitator:
Kamal Wickramanayake (Profile)
Training Content:
- Introduction
- Problems solved by OAuth 2.0
- OAuth 2.0 usage scenarios
- Roles
- Protocol flow
- Grant types
  - Authorization code
  - Implicit
  - Resource owner password credentials
  - Client credentials
- Tokens
  - Access token
  - Refresh token
- Client types
  - Confidential
  - Public
- Scopes
- JWT (JSON Web Token)
- OpenID Connect
- PKCE (Proof Key for Code Exchange) extension
  - Problems solved by PKCE
  - Protocol flow
- Implementing an OAuth 2.0 authorization server
- Implementing an OAuth 2.0 client
- Implementing an OAuth 2.0 resource server