From the course: Web Security: OAuth and OpenID Connect (2019)

When should I use this?

- [Instructor] The natural question becomes: if Authorization Code Flow is the most secure, why don't I use it everywhere? Well, unfortunately you can't. The step where you retrieve the tokens requires the authorization code, the client ID and the client secret. The client secret is effectively the application's password for the authorization server, so you have to protect it just like you'd protect a password. Therefore we can only use the Authorization Code Flow in scenarios where we have both a user involved and the application has a back-end component. To translate, if your application is mostly .NET, Java, PHP, Python or another of any numerous back-end languages, odds are that Authorization Code Flow is a viable option. Since we need a user, that means we can't use it for microservices, or otherwise service accounts. Further, since we need the client secret, we can't use it for single-page apps or mobile apps where…
