Introduction to OAuth 2.0 and OpenID Connect • Philippe De Ryck • GOTO 2018

This presentation was recorded at GOTO Berlin 2018. #gotocon #gotober

Philippe De Ryck - Founder of Pragmatic Web Security, Google Developer Expert @philippederyck2572

ABSTRACT
OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - it's a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit [...]


#OAuth2 #OAuth #OpenIDConnect #security #openID #PhilippeDeRyck

Comments

Brilliant. There are just talks or there is a presentation driven by someone who has the vast intention and willingness to transfer knowledge. That's what we have here. Thanks Philippe.

PaulVanBladel

The best talk about OAuth and OIDC ever watched

leo-phiponatchi

Man, I am glad that thing finally makes sense to me

vadimemelin

Thank you. First talk in two weeks that has explained OIDC

ubaidullah

Thank you.
By far the best session on OAuth 2.0 available on YouTube.

VIJAYBVERMA

Finally an outstanding presentation that also explains the resource server perspective. Without doubt the best OAuth 2 presentation so far I have found on YouTube.

albpace

A consolidated session. Thanks a lot Philippe and GOTO!

islamh

Thank you Philippe De Ryck for this excellent presentation!

nikolassepos

I like this guy, he explains very well.

divabanyuwigara

The best on the topic! Philippe rocks!

sudiptapal

Really nice explanation on OIDC flow and what to do with the ID token

TanujitChowdhury

That's a very great explanation, man. Thanks a lot.

bipinkhatiwada

Outstanding presentation, thank you for sharing!

tibi

Small but important detail: at 41:16 he says there are only 3 flows, but in reality OpenID Connect supports all OAuth 2.0 grant types including ROPC Grant and Client Credentials Grant.

MrOsefosef

In these diagrams, using the Twitter example, would "client" always refer to Buffer's back end and "resource server" always refer to Twitter's back end?

hackerman

Endpoint should be /token instead of /auth at 17:26

tiwarivikash

Too bad he doesn't say anything about the Authorization Code Grant with Proof Key for Code Exchange (PKCE) flow, because that is now the recommended flow for public clients instead of the implicit flow. And yes, this was recommended before 2018.

vincentbaeten

Can you tell me what the Client is at 14:25? As I understand it, can it be a server API?

tech.talk