From the course: Web Security: OAuth and OpenID Connect (2019)

Security considerations

- [Man] Now let's talk about how to properly secure both Auth Code and Auth Code plus PKCE. The rules are basically the same. To be honest, these are probably the easiest grant types to secure, because of how they work. First, remember we're often passing around both authentication and authorization information and we have to protect it in transit, therefore we should only send over HTTPS using SSL or TLS. This applies regardless of the grant type, so you'll hear it a few more times in this course. Next, you must validate the access token before you use it. Once again, this applies regardless of grant type, so get used to hearing this one too. And now for a few things specific to Auth Code or Auth Code plus PKCE: remember that after the user authenticates they get an Auth Code, which is sent back to the application, then the app exchanges that for the actual access token. That code can only be used once and expires in 60…
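The checks the lecture lists for the Auth Code plus PKCE exchange, worked through as an added example that is not part of the course and not any real authorization server's code: a toy token endpoint that verifies the PKCE S256 challenge, refuses a replayed code (and revokes the token already issued from it, as RFC 6749 section 4.1.2 advises), rejects an expired code, and keeps the record a resource server would consult to validate an access token. The code lifetime is a constructor parameter; the 60-second default, the client id and the redirect URI are assumed values for the demonstration, not the lecture's.

```python
import base64
import hashlib
import hmac
import secrets
import time


class TokenError(Exception):
    """Carries the OAuth error code a real token endpoint would return."""


def make_code_verifier() -> str:
    # RFC 7636 4.1: 32 random octets, base64url-encoded without padding (43 chars).
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    # PKCE S256 method: BASE64URL(SHA256(ASCII(code_verifier))), no padding.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthorizationServer:
    """Toy authorization server (constructed for this example): issues auth codes
    and applies the token-endpoint checks: PKCE, single use, expiry."""

    def __init__(self, code_ttl_seconds: int, clock=time.time):
        self._ttl = code_ttl_seconds   # assumed lifetime, not the lecture's value
        self._clock = clock            # injectable so expiry is testable without sleeping
        self._codes = {}               # code -> client, redirect URI, challenge, issued token
        self._active_tokens = set()    # what a resource server would consult to validate a token

    def issue_code(self, client_id, redirect_uri, code_challenge, method="S256"):
        if method != "S256":
            raise TokenError("invalid_request")  # refuse the weaker "plain" method
        code = secrets.token_urlsafe(32)
        self._codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                             "code_challenge": code_challenge,
                             "issued_at": self._clock(), "token": None}
        return code

    def exchange_code(self, code, client_id, redirect_uri, code_verifier):
        rec = self._codes.get(code)
        if rec is None:
            raise TokenError("invalid_grant")
        if rec["token"] is not None:
            # Single use: a replayed code is denied and the token already issued from
            # it is revoked, since the code may have leaked to a second party.
            self._active_tokens.discard(rec["token"])
            del self._codes[code]
            raise TokenError("invalid_grant")
        if self._clock() - rec["issued_at"] > self._ttl:
            del self._codes[code]
            raise TokenError("invalid_grant")
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            raise TokenError("invalid_grant")
        if not hmac.compare_digest(make_code_challenge(code_verifier), rec["code_challenge"]):
            raise TokenError("invalid_grant")  # stolen code without the verifier stops here
        token = secrets.token_urlsafe(32)
        rec["token"] = token
        self._active_tokens.add(token)
        return {"access_token": token, "token_type": "Bearer"}

    def is_token_active(self, token) -> bool:
        # "Validate the access token before you use it", reduced to an
        # introspection-style lookup against the server's own record.
        return token in self._active_tokens


def demo(code_ttl_seconds: int = 60) -> dict:
    """Run the flow once and record the outcome of each check."""
    now = [1_000.0]
    srv = AuthorizationServer(code_ttl_seconds, clock=lambda: now[0])
    client, redirect = "demo-client", "https://app.example/cb"  # constructed values

    def attempt(code, verifier):
        try:
            return srv.exchange_code(code, client, redirect, verifier)["access_token"]
        except TokenError as e:
            return str(e)

    # Happy path: the client that generated the verifier redeems the code once.
    verifier = make_code_verifier()
    code = srv.issue_code(client, redirect, make_code_challenge(verifier))
    token = attempt(code, verifier)
    # Replay of the same code: denied, and the earlier token is revoked.
    replay = attempt(code, verifier)
    # Stolen code presented with the wrong verifier: PKCE check fails.
    v2 = make_code_verifier()
    code2 = srv.issue_code(client, redirect, make_code_challenge(v2))
    wrong_verifier = attempt(code2, make_code_verifier())
    # Expired code: the clock moves past the lifetime before redemption.
    v3 = make_code_verifier()
    code3 = srv.issue_code(client, redirect, make_code_challenge(v3))
    now[0] += code_ttl_seconds + 1
    expired = attempt(code3, v3)

    return {"first_exchange_ok": token not in ("invalid_grant", "invalid_request"),
            "token_active_after_replay": srv.is_token_active(token),
            "replay": replay, "wrong_verifier": wrong_verifier, "expired": expired}
```

Every failure returns the same `invalid_grant` so a caller cannot tell a replayed code from an expired or mis-bound one; the server logs the distinction internally. The challenge comparison uses `hmac.compare_digest` rather than `==` so the check does not leak timing information about the stored challenge.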
