Join Keith Casey for an in-depth discussion in this video How does it compare and contrast with other technologies?, part of Web Security: OAuth and OpenID Connect.
- [Narrator] One of the first questions…that always comes up around OAuth is:…how does OAuth compare with my standard of choice?…Or why is this better than my standard of choice?…If you come from an Enterprise background,…you're probably thinking of SAML.…SAML was designed in the early 2000s…and is primarily for single sign on purposes.…Well there's an SSO extension for OAuth.…More on that in the next section.…OAuth itself is built for authorization…so this is not a true one to one mapping.…
In addition, SAML is XML-based…and creates a larger payload.…So it's not ideal for mobile use cases.…Further, while it was designed…for single sign on, or SSO use cases,…it's not very good for delegated access.…Or in other words, an application acting on our behalf.…And potentially worst of all, is that it was designed…long before mobile apps or APIs existed…in the way we know them now.…As a result, it's not good at those use cases.…That's not a flaw in SAML, it just wasn't designed for that.…
So with regard to API specifically,…
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level Intermediate
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps1m 40s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.