Join Keith Casey for an in-depth discussion in this video Lab: Configuring an OAuth server in PHP, part of Web Security: OAuth and OpenID Connect.
- [Instructor] You can run your own OAuth server…from a variety of different open source projects.…For this course,…I've used the PHP leagues package called OAuth Server.…The requirements are pretty minimal.…Basically, you need a written modern version of PHP,…and openssl support.…And while these instructions are pretty complete…in terms of getting things set up in installation,…I actually recommend…that you go to the Get Hubber Pository for the project.…Instead, go the examples folder.…By following these instructions,…it sets up the slim php framework…to handle the incoming requests.…
The OAuth Server to process the request…and generate the tokens,…the public and private keys…for token signing and validation.…And even a jot library…to make sure the signatures…are accurately created and applied.…While this works,…one of the down sides…is something I've mentioned throughout.…While it supports the four core OAuth grant types,…it might not support all the extensions that you might need.…Granted, as an open source project,…
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level Advanced
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps1m 40s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.