Join Keith Casey for an in-depth discussion in this video, Authorization in microservices, part of Web Security: OAuth and OpenID Connect.
- (Instructor) The first grant type, or OAuth flow, that we're going to cover is also the easiest, client credential flow. This is explicitly for authorizing a server or service to communicate with or perform actions on another service. If you're familiar with service accounts that are supported by systems like Active Directory, or even Windows itself, you might be familiar with this concept. Most backend APIs like Salesforce or Google already do this. Now, unlike other grant types, this one does not involve a user. And that's where people struggle with it.
Remember, it's never acting on behalf of a user, but acting on its own behalf. When I say "own," I mean specifically the application. Now before we dive into a concrete example, let's look at the mechanics. In this particular flow, my client application needs access to a protected resource. It makes a request to our authorization server, using its own client ID and client secret, which are effectively that application's username and password. The authorization server validates…
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level: Advanced
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps