From the course: Web Security: OAuth and OpenID Connect (2019)
Build an example: Web app or Postman
- [Instructor] As I noted earlier, the authorization code flow is my favorite grant type. Not because it's particularly simple, but because it's effective. The third-party application never sees our credentials and the end user never sees the access token. It's the best of both worlds. For this example, we're going to keep it simple and use OAuth.com's OAuth playground. So from the front page of the site, if we scroll down, we'll find the playground itself and this will actually allow us to follow through with any of these flows directly on the site. But in order to show the details of how things work, I want to go ahead and use Postman. So just like any other scenario, we have to register our new client. This'll register the OAuth client behind the scenes along with a user account to go with it, so that we've got all the information that we can go through the entire authorization code flow. We'll give it just a moment to…