Join Keith Casey for an in-depth discussion in this video, "What is OpenID Connect, and how is it different from OAuth?", part of Web Security: OAuth and OpenID Connect.
- [Instructor] Now let's talk about OpenID Connect. But first, we have to go back to OAuth. We talk about OAuth, most people think authorization. Which is good because that's what it was designed for. But it's not quite enough. If you look through the OAuth specification, you'll notice quite a few things missing. First, it doesn't specify payloads. Our tendency to use JSON Web Tokens is by preference, not by requirement. Second, it doesn't specify how someone authenticates. It just says that it happens, and the specific process is beyond the scope of the specification and entirely up to the identity provider.
And finally, there's no indication that really says who just authenticated. We know somebody went through the authentication and authorization process, we don't have a lot of understanding on who. Which brings OpenID Connect into play. OpenID Connect is a simple identity layer on top of OAuth itself. And this defines specific fields for including profile information like address, phone number, email and other fields.
- How does OAuth 2.0 work, and what problems does it solve?
- What is OpenID Connect, and how is it different from OAuth?
- OAuth tokens and their usage
- Authorization in microservices
- Common security considerations
- Authorization for mobile apps and SPA
- Authorization in legacy applications
- Server-side implementations
Skill Level: Intermediate
1. What Is OAuth?
2. Core Terminology
3. Client Credential: Authorization for Microservices
4. Implicit or Hybrid: Authorization for Mobile Devices
5. Grant Type: Authorization Code
6. Grant Type: Resource Owner Password Flow
7. Server-Side Implementations
Next steps (1m 40s)