Join Keith Casey for an in-depth discussion in this video, Authorization code for web applications, part of Web Security: OAuth and OpenID Connect.
- The next grant type we'll cover is the Authorization Code Flow. As a parent, I know I'm not supposed to have favorites but this is my favorite grant type. Sure, it's not as simple as the Client Credential Flow. It's not mobile friendly like the Hybrid Flow, but it just plain works. Even better, since this depends on a back-end component and the programming language doesn't matter, you can count on it to protect our client's secret. There is an opportunity for this to be attacked, but the window is very small, and don't worry.
We'll cover that in the Security Considerations video. And finally, and probably most importantly, the libraries around this are very stable and widely used. But enough of me talking about it, let's see the steps of the flow. In practice, this is what it looks like. The user navigates to a page and the application hits something that's a protected resource. It could be anything from an API to account information. Next, they send you to the identity provider or authorization server that you both trust…
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level Advanced
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps (1m 40s)