Enterprises
Individuals
Enterprises
Individuals
Menu
Menu
Sign in
Product
Solutions
Pricing
Resources
Learn
Hands-on Labs
Courses
Learning Journeys
Challenges
Cloud Sandboxes
Playgrounds
Measure
Assessments
Certifications
Integrate
SCORM & LTI
SSO & SCIM
Our Learning Platform
Get Started Today
Book a demo
Get free trial
Contact us
Industries
Manufacturing
Government
Finance
Technology
Healthcare
Defence
Retail
Teams
C-suite
Security Teams
Engineering Teams
For L&D
We’ll help you
Achieve ROI
Achieve Compliance
Reduce Risk
Measurable Increase in Skills
Instructor Led Training
Success Stories
View all
View Enterprise Plans
Resources
E-books
Case studies
Webinars
Blog
Support
AppSecEngineer 101 Guide
Help Center
Discord
Teams
For C-suite
For Engineering Teams
For Product Teams
For L&D
What’s New
View all
Ditch the Audit Panic! AppSecEngineer's Got Your Back.
The Complete Guide to ISO 27001 Compliance
X
X
X
Intermediate

OAuth and OIDC Essentials

Step into the Spotlight with AppSec Expertise: Use coupon ‘SKILLUP30’ and get 30% Off on Individual Pro Annual Plans.
Learning Path
Advanced Application Security
Ideal for
Developer
Security Engineer
7
Hours
38
Lessons
5
Cloud Labs

OAuth and OIDC (OpenID Connect) have become the de facto protocol for Authentication and Authorization on the modern web. Nearly every application you use depends on these technologies, particularly for Single-Sign On and Social Login. Despite their ubiquity, OAuth and OIDC can get confusing, especially with the multiple flows, models and use-cases.

In this course, we’re going to start with the basics of OAuth and OIDC. We’ll examine how these protocols have evolved over the years, and how we’ve come to grow dependent on them.

After that, in typical AppSecEngineer style, we’re going to take a deep-dive into OAuth and OIDC. We’ll be exploring the different flows related to them, including the Authorization Code Grant, Implicit Grant, Client Credentials Grant, and more. You’ll get to learn each of these topics using powerful hands-on labs that will demonstrate these concepts in depth.

At the end of the course, we’re checking out the new OAuth PKCE Flow (Proof Key for Code Exchange), which is currently considered the more secure type of flow for OAuth and OIDC. Finally, we’ll learn a few best practices for protecting tokens and securing these implementations on the browser.

Get STARTED

You might also like these courses

API Security: Attack and Defense

JWT Jiu-Jitsu

Secrets Management with Hashicorp Vault

Or explore these Learning Paths

AI & LLM Security Learning Path and Collection
Google Cloud Security
Threat Modeling
Kubernetes Security
DevSecOps
Container Security
Azure Security
AWS Security
Advanced Application Security
Application Security Essentials

Labs

Keycloak 101

Client Credential Flow

Implicit Flow

Authorization Code Flow - Confidential

Authorization Code Flow with PKCE - Confidential

Course Content

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
X
QUICK LINKS
Sign InSign UpPrivacy Policy
E-BOOKS
Beginner's Guide to
a Career in AppSecTrain your Teams to Fly
FOLLOW APPSECENGINEER
CONTACT

Contact Support

help@appsecengineer.com

68 Circular Road, #02-01, 049422, Singapore

Copyright AppSecEngineer © 2023