Join Keith Casey for an in-depth discussion in this video Lab: Build an example with the command line and Postman, part of Web Security: OAuth and OpenID Connect.
- [Instructor] The client credential…flow is the easiest of all the…OAuth grant types to implement.…It doesn't require user interface, which makes…sense because there isn't a user involved.…For context, I'm using the PHP based…league OAuth server, which I installed…and configure for a later video.…If you install their example configuration…using the slim framework, you…should see similar results here.…Alternatively, this should work similarly…for basically any OAuth server out there…which implements the client credential flow.…And now, on with the flow.…
I'm going to go ahead and make my request.…This is a curl request, and we're doing a post.…Then we're going to go ahead and…make our request to the server.…This is local host, 4444,…we're handing the client credentials…end point at this point, which is…basically just the PHP file that we're hitting,…and we're going to be requesting the access token.…Couple things to call out here,…notice it's HTTP, not HTTPS.…
In a production environment we would…want to use HTTPS, remember that's…
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level Advanced
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps1m 40s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.