Join Keith Casey for an in-depth discussion in this video Common security considerations, part of Web Security: OAuth and OpenID Connect.
- [Instructor] Now let's talk about…how to properly secure the implicit or the hybrid flow.…Other than recommending a proven solution like AppAuth…or Passport, as I did earlier, I'm not going…to go into great detail on libraries or configurations.…Instead, let's stay focused…on the aspects related to OAuth specifically.…First, we have to remember what an Access Token is.…It's a grant for the application…to act on the user's behalf.…Therefore, if another application or user…is able to hijack it, they can act as us.…
We have to make sure this token is stored…and used securely for its entire lifetime.…That means we should not use it in a URL,…or store it in any form of shared storage.…If you're using the AppAuth library,…that will handle it for us on mobile.…For single page applications, we either have…to do it ourselves or count on another library.…Next, we should always remember that we're dealing…with credentials, so communications…should be over secure mechanisms, such as TLS.…
Next, as part of the flow, we provide a redirect uri,…
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level Intermediate
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps1m 40s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.