OAuth and OIDC Essentials

4th of July Sale: Use coupon “FIREWORKS15” and get 15% off on Pro and Pro Plus Individual Annual Plans.
Learning Path
Advanced Application Security
Ideal for
Security Engineer
Cloud Labs

OAuth and OIDC (OpenID Connect) have become the de facto protocol for Authentication and Authorization on the modern web. Nearly every application you use depends on these technologies, particularly for Single-Sign On and Social Login. Despite their ubiquity, OAuth and OIDC can get confusing, especially with the multiple flows, models and use-cases.

In this course, we’re going to start with the basics of OAuth and OIDC. We’ll examine how these protocols have evolved over the years, and how we’ve come to grow dependent on them.

After that, in typical AppSecEngineer style, we’re going to take a deep-dive into OAuth and OIDC. We’ll be exploring the different flows related to them, including the Authorization Code Grant, Implicit Grant, Client Credentials Grant, and more. You’ll get to learn each of these topics using powerful hands-on labs that will demonstrate these concepts in depth.

At the end of the course, we’re checking out the new OAuth PKCE Flow (Proof Key for Code Exchange), which is currently considered the more secure type of flow for OAuth and OIDC. Finally, we’ll learn a few best practices for protecting tokens and securing these implementations on the browser.

You might also like these courses

Or explore these Learning Paths


Keycloak 101

Client Credential Flow

Implicit Flow

Authorization Code Flow - Confidential

Authorization Code Flow with PKCE - Confidential

Hands-on. Defensive. Bleeding-Edge.

There's no other training platform that does all three. Except AppSecEngineer.
Get Our Newsletter
Get Started

Contact Support

1603 Capitol Avenue,
Suite 413A #2898,
Cheyenne, Wyoming 82001,
United States

Copyright AppSecEngineer © 2023