Securing Your APIs with OAuth 2.0 - API Days

In this talk, you'll learn how to use OAuth 2.0 to secure access to your APIs. OAuth is an authorization protocol that lets applications access data on behalf of users without ever handling their username and password. Because the credentials only ever go to the authorization server, this enables use cases such as adding multi-factor authentication for your users in one place, and a cleaner separation of concerns across all your backend services.

We'll look at how to use JWT access tokens, as well as the tradeoffs that come with them: a resource server can validate them locally without a round trip to the authorization server, but their claims are readable by anyone who holds the token, and they cannot be revoked before they expire. We'll look at how to design scopes that grant granular access to the various parts of your backend services, and at how to design a microservices architecture protected by OAuth at a gateway.
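Added example (not code from the talk or from Okta): a standard-library Python sketch of the gateway pattern the abstract describes. A stand-in authorization server mints a JWT access token, the gateway validates it (pinned algorithm, signature, issuer, audience, expiry) and maps each route to the scopes it requires before forwarding the verified identity to a backend. The issuer URL, audience, route table, client and HS256 shared secret are assumptions made for this example; a real deployment verifies against the authorization server's asymmetric key fetched from its JWKS endpoint. The peek_claims function shows the tradeoff the abstract mentions: a JWT's claims, scopes included, are readable by anyone who holds it.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed values. A real authorization server signs access tokens with an
# asymmetric key (RS256/ES256) and publishes the public half at its JWKS
# endpoint; HS256 with a constructed secret is used here only so the block
# runs offline (anyone holding a shared secret can mint tokens).
ISSUER = "https://as.example.com"
AUDIENCE = "https://api.example.com"
SECRET = b"constructed-example-secret-not-for-use"

# Assumed route table: each route names the scopes it requires, so a token
# scoped to photos:read cannot reach the write path or the profile service.
ROUTES = {
    ("GET", "/photos"): {"photos:read"},
    ("POST", "/photos"): {"photos:write"},
    ("GET", "/profile"): {"profile"},
}


class TokenError(Exception):
    pass


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))  # restore padding


def mint_token(claims, secret=SECRET):
    """Issue an HS256 JWT; stands in for the authorization server."""
    header = {"alg": "HS256", "typ": "at+jwt"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def peek_claims(token):
    """Decode the payload WITHOUT verifying. Anyone holding the token can do
    this, so the subject and scopes in a JWT are visible to the client and to
    every intermediary; that is the tradeoff against an opaque reference token."""
    return json.loads(b64url_decode(token.split(".")[1]))


def validate_access_token(token, required_scopes, secret=SECRET,
                          issuer=ISSUER, audience=AUDIENCE, now=None):
    """Gateway-side validation. Returns the claims or raises TokenError."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        claims = json.loads(b64url_decode(p64))
        sig = b64url_decode(s64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        raise TokenError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    # Pin the algorithm instead of trusting the header (blocks alg=none and
    # key-confusion tricks), then compare the MAC in constant time.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise TokenError("bad signature")
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("token not intended for this API")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenError("token expired")
    # Scopes are a space-delimited string (RFC 6749 section 3.3).
    if set(required_scopes) - set(claims.get("scope", "").split()):
        raise TokenError("insufficient_scope")
    return claims


def gateway(method, path, authorization, now=None):
    """Enforce OAuth at the edge so backends only ever see verified identity
    headers, never the bearer token itself. Returns (status, body)."""
    required = ROUTES.get((method, path))
    if required is None:
        return 404, "no such route"
    if not authorization or not authorization.startswith("Bearer "):
        return 401, 'WWW-Authenticate: Bearer realm="api"'
    try:
        claims = validate_access_token(authorization[len("Bearer "):], required, now=now)
    except TokenError as err:
        if str(err) == "insufficient_scope":  # RFC 6750: scope failures are 403
            return 403, ('WWW-Authenticate: Bearer error="insufficient_scope", '
                         f'scope="{" ".join(sorted(required))}"')
        return 401, f'WWW-Authenticate: Bearer error="invalid_token", error_description="{err}"'
    return 200, {"X-User": claims.get("sub"), "X-Scopes": claims.get("scope", "")}
```

Scope failures get a 403 with error="insufficient_scope" and every other failure a 401 with error="invalid_token", as RFC 6750 prescribes. Because the token is self-contained the gateway never calls the authorization server, which is what makes JWT validation cheap and also why a revoked grant keeps working until exp; short lifetimes or an introspection check on sensitive routes are the usual mitigations.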

---

Okta is a developer API service that stores user accounts for your web apps, mobile apps, and APIs.

Comments

This is a golden example of how a technical presentation should be. Great job!
Chris.Plunkett

The presenter was clear in his mind about what he was talking about! I was able to understand what I had failed to understand from many other similar pieces of content. Thank you.
starman

Not the shortest one on YouTube, but one of the BEST at explaining OAuth! Thank you!
mingzus

One of the best presentations on this topic. Lucid, on-point, and yet moderately detailed. Thank you, Aaron.
AnonyoX

I already read some articles, but this was a perfect explanation.
ThePersepolis

Thanks for this video. I was curious about how to secure Web APIs using OAuth 2.0 and the second half of this talk answered it perfectly.
FictionsAndIllusions

That was an absolutely brilliant tutorial. Thanks very much.
joeyjoejoo

Excellent presentation. It wasn't hard at all to watch for a half-hour talk.
sergiocamacho

Very nice presentation. Really helped!
sumitkumarbu

Thanks for sharing this information.
I found it very clear and useful. I am doing some work as an IAM architect and the path is not always clear.
santiagocavanna

PKCE is not a replacement for client authentication. It is simply there to prove that whoever is exchanging the code for a token is the same guy who requested the code.
alirezaamedeo
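Added example (not the commenter's or the presenter's code) showing the distinction the comment above draws, with the client and a stand-in authorization server in one Python process so it runs offline. The S256 code challenge binds the code exchange to whoever started the flow; client authentication is a separate check that only confidential clients have. The client ids "public-spa" and "web-backend" and the secret are constructed for this example.

```python
import base64
import hashlib
import secrets


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Client side (RFC 7636): a fresh random verifier and its S256 challenge.
    Only the challenge travels in the authorization request; the verifier
    stays with the client until the token request."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, inside the 43..128 range
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


class AuthorizationServer:
    """Stand-in for the authorization server: issues codes and exchanges them.
    The registered clients are constructed for this example."""

    def __init__(self):
        # client_id -> client_secret; None marks a public client (SPA, mobile)
        # that cannot keep a secret and therefore has no client authentication.
        self._clients = {"public-spa": None, "web-backend": "constructed-secret"}
        self._codes = {}  # authorization code -> (client_id, code_challenge)

    def authorize(self, client_id, code_challenge, code_challenge_method="S256"):
        """Front channel. Runs after the user has signed in and consented."""
        if client_id not in self._clients:
            raise ValueError("unknown client")
        if code_challenge_method != "S256":
            # "plain" sends the verifier itself, so anyone who saw the
            # authorization request could redeem the code.
            raise ValueError("only S256 accepted")
        code = secrets.token_urlsafe(24)
        self._codes[code] = (client_id, code_challenge)
        return code

    def token(self, client_id, code, code_verifier, client_secret=None):
        """Back channel. Two independent checks, in this order:
        1. client authentication (confidential clients only): WHICH client calls;
        2. PKCE: whether the caller is the SAME party that started this flow."""
        if client_id not in self._clients:
            return {"error": "invalid_client"}
        expected_secret = self._clients[client_id]
        if expected_secret is not None and not secrets.compare_digest(
                (client_secret or "").encode(), expected_secret.encode()):
            return {"error": "invalid_client"}
        issued = self._codes.pop(code, None)  # single use: a replayed code fails
        if issued is None or issued[0] != client_id:
            return {"error": "invalid_grant"}
        if not 43 <= len(code_verifier) <= 128:
            return {"error": "invalid_grant"}
        recomputed = b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
        if not secrets.compare_digest(recomputed.encode(), issued[1].encode()):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer"}


def run_flow(server, client_id, client_secret=None, code_stolen=False):
    """Drive one authorization-code flow end to end. With code_stolen=True the
    code is redeemed by an attacker who intercepted it (a leaky redirect, a
    malicious app registered for the same custom scheme) but never saw the
    original verifier."""
    verifier, challenge = make_pkce_pair()
    code = server.authorize(client_id, challenge)
    if code_stolen:
        attacker_verifier, _ = make_pkce_pair()
        return server.token(client_id, code, attacker_verifier, client_secret)
    return server.token(client_id, code, verifier, client_secret)
```

The public client passes with no secret at all, and a stolen code fails for it because the attacker cannot produce the verifier; the confidential client with a wrong secret fails before PKCE is even looked at. Those are the two separate questions the comment distinguishes: PKCE answers "is this the same party that started the flow", client authentication answers "which registered client is this".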

Hi, great presentation; the hotel card analogy is quite good.

But IMHO, a really poor choice of colors for the slides. I'm colorblind and don't see any difference between those arrows that you mentioned in the slide at minute 10:39.
mansimen

Specs are not good tutorials, 20 specs
00:57 the password anti-pattern
02:23 OAuth spec, Sign in with
02:46 OAuth was designed to give access to data, accessing APIs, not about identifying the user
04:15 OpenID Connect
04:36 OAuth originally created for that third-party app access, first-party apps as well; Gmail actually redirects you to the Google OAuth server
06:24 we're going to take a look at how OAuth works, from an application point of view
06:39 access token, hotel key
07:57 five roles
08:51 starting with the simplest flow
10:45
domaincontroller

You may not want to expose the scopes of a JWT to the world, so a reference token will be the only option.
alirezaamedeo

It's "couldn't care less", not "could care less".
allycdes