Join Keith Casey for an in-depth discussion in this video Lab: Build an example in curl, part of Web Security: OAuth and OpenID Connect.
- [Instructor] The resource owner password flow…can be done much the same way…as the client credential flow.…Because, although it does have a user involved,…it makes the actual request behind the scenes…with the user name and password…the user already provided.…As a result, it does need a user interface…but before the actual request is performed.…In this case, we're going to skip…directly to the request.…For context, I'm using the php based…league oauth server,…which I installed and configured for a later video.…If you install their example configuration…using the slim frame work,…you should see similar results.…
In fact, the documentation is available here…under the password grant type.…Alternatively, this should work similarly…for any oauth server out there,…which implements the resource owner password flow.…And now, on with the flow.…Once again, we make a curl request.…We're making a post to our server as usual.…As I noted before, this is going to localhost,…so we are running this locally.…
It is http, not https.…
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level Advanced
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps1m 40s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.