OAuth 2.0

OAuth 2.0 is the go-to solution for API security, bringing authorization and delegation to modern HTTP APIs. In this course, you’ll learn the fundamentals of OAuth, allowing you to architect and implement the right solution for your requirements. Take this course to learn about OAuth actors and flows and how to securely protect your APIs with Okta API Access Management. Beginning with an introduction to OAuth, we will discuss common access scenarios supported by each standard to help you make the right authentication and authorization decision for your application. Students use the Okta Identity Cloud platform to implement API Authorization with OAuth by completing extensive JavaScript coding labs. Best practices are covered, as well as testing and troubleshooting techniques.


 
Objectives:
 

Participants will learn how to:

 
  • Securely protect custom REST APIs with Okta API Access Management and OAuth.
  • Take the use of OAuth in the enterprise from theory to practice.
  • Understand OAuth actors and flows and when to use them.
  • Set up custom Authorization Servers to design custom Access Tokens for your services.
  • Configure Access Policies to protect your APIs.
  • Integrate API Access Management with Universal Directory to build adaptive access for your APIs.
  • Protect your own public services incorporating consent, authentication and authorization, developer registration, and application declaration.
  • Understand best practices and troubleshoot common problems.
 

Course content

 

Introduction to OAuth 

 

API Security
  • Introduction
  • A Problem of API Authorization
  • A Solution: Credential Sharing
  • A Solution: Cookies
  • A Solution: API Keys
  • The Solution: OAuth 2.0
  • OAuth: A Misunderstood Protocol
  • Demo: A Very Typical OAuth Flow
OAuth in Detail
  • Introduction
  • Protocol Endpoints
  • What Is a Scope?
  • Authorization Code for Web Applications
  • Lab: Authorization Code for Web Applications
  • Implicit Flow for Single Page Applications
  • Lab: Implicit Flow for Single Page Applications
  • Client Credentials for Machines
  • Lab: Client Credentials for Machines
  • Resource Owner Password Credentials for No One
  • Lab: Resource Owner Password Credentials for No One
  • Long-lived Access with Refresh Tokens
  • Lab: Long-lived Access with Refresh Tokens
  • Choosing the Right Response Mode
  • When Things Go Wrong
  • Simplifying OAuth with OAuth 2.1
Best Practices for Native Applications
  • Introduction
  • The Unique Issues of Native Applications
  • Dealing with Stolen Tokens Using PKCE
  • Choosing the Best Redirect URI
  • Not All Browsers Are Created Equally
  • Lab: OAuth for Native Applications in Action
Best Practices for Browser-based Applications
  • Introduction
  • The Security Profile of a Browser-based Application
  • OAuth within the Browser
  • Avoid OAuth with SameSite Cookies
  • Secure Browser-based Applications with Backend for Frontend
Extending OAuth
  • Introduction
  • OAuth + Identity with OpenID Connect
  • Lab: Identity with OpenID Connect
  • Automatically Configuring Clients with OAuth Metadata
  • Securely Authorizing the IoT with the OAuth Device Flow
  • Lab: Device Flow in Action
  • Combining SAML and OAuth with the SAML Assertion Grant
  • Securing Microservices with Token Exchange

 

OAuth vs OpenID Connect

 

Use OAuth to access Facebook

 

Use OAuth to access LinkedIn APIs

 

Use OAuth to access Gmail and Other Google Products

 

Use OAuth to access PayPal

 


Course Prerequisites

 
  • You should be familiar with basic web service and API development
  • If you would like to use OAuth in a Mobile App, you should know how to develop for the respective platform. Mobile App Development is not covered in this course.

Who can attend

 
  • This course is perfect for Architects and Developers who are familiar with using Okta REST APIs, Widgets, and SDKs and want to expand their knowledge to customer identity management scenarios.

Number of Hours: 25hrs

Certification

Okta Certified Developer Certification

Key features

  • One to One Training
  • Online Training
  • Fast Track & Normal Track
  • Resume Modification
  • Mock Interviews
  • Video Tutorials
  • Materials
  • Real Time Projects
  • Virtual Live Experience
  • Preparing for Certification

FAQs

DASVM Technologies offers 300+ IT training courses, delivered by expert-level trainers with 10+ years of experience.

  • One to One Training
  • Online Training
  • Fast Track & Normal Track
  • Resume Modification
  • Mock Interviews
  • Video Tutorials
  • Materials
  • Real Time Projects
  • Preparing for Certification

Call now: +91-99003 49889 and know the exciting offers available for you!

We work and coordinate exclusively with companies to get students placed. We have a placement cell focusing on training and placements in Bangalore. Our placement cell helps 600+ students per year.

Learn from experts active in their field, not out-of-touch trainers: leading practitioners who bring current best practices and case studies to sessions that fit into your work schedule. Our pool of experts and trainers is highly skilled and experienced in supporting you in specific tasks and providing professional support. You get 24x7 learning support from mentors and a community of like-minded peers to resolve any conceptual doubts. Our trainers have contributed to the growth of our clients as well as professionals.

All of our highly qualified trainers are industry experts with at least 10-12 years of relevant teaching experience. Each of them has gone through a rigorous selection process which includes profile screening, technical evaluation, and a training demo before they are certified to train for us. We also ensure that only those trainers with a high alumni rating continue to train for us.

No worries. DASVM Technologies ensures that no one misses a single lecture topic. We will reschedule the classes at your convenience within the stipulated course duration wherever possible. If required, you can even attend that topic with another batch.

DASVM Technologies provides many suitable modes of training to the students like:

  • Classroom training
  • One to One training
  • Fast track training
  • Live Instructor-Led Online training
  • Customized training

Yes, access to the course material will be available for a lifetime once you have enrolled in the course.

You will receive a DASVM Technologies-recognized course completion certificate, and we will help you to crack global certification with our training.

Yes, DASVM Technologies provides corporate training with Course Customization, Learning Analytics, Cloud Labs, Certifications, and Real Time Projects with 24x7 Support.

Yes, DASVM Technologies provides group discounts for its training programs. Depending on the group size, we offer discounts as per the terms and conditions.

We accept all major payment options: Cash, Card (Master, Visa, Maestro, etc.), Wallets, Net Banking, Cheques, etc.

DASVM Technologies has a no-refund policy. Fees once paid will not be refunded. If the candidate is not able to attend a training batch, he/she is to reschedule for a future batch. Any balance should be cleared by the due date given. If a trainer cancels or is unavailable to provide training, DASVM will arrange training sessions with a backup trainer.

Your access to the Support Team is for a lifetime and will be available 24/7. The team will help you resolve queries during and after the course.

Please contact our course advisor at +91-99003 49889, or share your queries through info@dasvmtechnologies.com
