Join Keith Casey for an in-depth discussion in this video Lab: Build an example with Postman, part of Web Security: OAuth and OpenID Connect.
- [Instructor] As I noted earlier, the authorization code flow is my favorite grant type, not because it's simple, but because it's effective. The third-party application never sees our credentials. The end user never sees the access token. It's the best of both worlds. For this example, we're going to keep it simple and use Postman to interact with Google's OAuth service. Within Postman, you have to come to the Authorization tab here and change the type to OAuth 2.0. Now when we click Get New Access Token, we can go ahead and set up some defaults.
So we'll give it a token name. In this case, it's just YouTube. Our grant type is Authorization, though we could do any of them from here. And we need a callback URL. Let's go ahead and drop over to Google and find what we're looking for. Now if you just look at the documentation, sometimes this information's hard to find. In fact, if a provider recommends using an SDK or helper library, it may get obfuscated completely. My secret is I scroll down to the code samples…
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level: Intermediate
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps (1m 40s)