Join Keith Casey for an in-depth discussion in this video Understanding the OAuth endpoints, part of Web Security: OAuth and OpenID Connect.
- [Presenter] Now let's dive into the mechanics…of how OAuth actually works.…But this is another place where we begin…to introduce some complexity.…If we go only by the core OAuth specification,…RFC 6749, there are only two endpoints to find-…the authorize endpoint, and the token endpoint.…First, the authorization endpoint…is what the end user, or the resource itself,…interacts with to establish permissions for the resource.…But here's the fun part, the how we establish identity…and obtain information.…
This we insert outside the scope with the specification.…There needs to be a trust relationship,…but everything beyond that is flexible.…The second and final endpoint in the RFC,…is the token endpoint.…It's where the client application…can exchange the authorization from the first endpoint…for an access and/or refresh token from this endpoint.…Now we can use that token for whatever we need.…And that's it!…The core OAuth specification…does not define any other endpoints.…
It leaves extension points for more,…but understand that everything else we cover in this session…
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level Intermediate
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps1m 40s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.