Introduction to OAuth and OpenID Connect (OIDC)
One-Day Interactive (Classroom) Training - OWASP New Zealand Day 2022
This workshop provides an intro to OAuth and OpenID Connect for the complete beginner, and guides you through building an OAuth client from scratch. By the end of the workshop you’ll understand how to obtain an access token for calling APIs, and how to retrieve the user’s information such as their user ID and email address.
Dates: Wednesday, 6 July 2022
Time: 8:45 a.m. to 5:30 p.m. (NZDT)
Instructor: Aaron Parecki
Course Fee: NZ $500.00 (plus GST and ticketing fees)
Registration Site: https://events.humanitix.com/owaspnz2022-training
Maximum Enrolment: 36 attendees
OAuth 2.0 has become the industry standard for providing secure access to web APIs, allowing applications to access users’ data without compromising security. Companies around the world add OAuth to their APIs to enable secure access from their own apps, third-party apps, and even IoT devices. OAuth also serves as the foundation of OpenID Connect, the most widely deployed authentication protocol on the web today.
This workshop is for you if you are new to OAuth and OpenID Connect. The workshop begins with an introduction to OAuth and OpenID Connect concepts, and will lead you through completing an OAuth and OpenID Connect flow. You will learn the ins and outs of the OAuth Authorization Code flow with PKCE, and get a chance to try it out yourself.
The workshop will guide you through building an OAuth client from scratch, both to obtain an access token for calling APIs and to retrieve the user’s information such as their user ID and email address.
Prerequisites for the Exercises
- A basic understanding of HTTP Requests, Responses, and JSON
- Experience with Postman, curl, or any other HTTP client
- No programming language knowledge is necessary since the exercises can be completed without writing any code!
By the end of this workshop, you’ll understand:
- The problems OAuth was created to solve
- The basics of OAuth 2.0 and OpenID Connect (OIDC)
- Best practices for developing web-based and native OAuth apps
- Which OAuth grant type is right for your use case
- What to expect with the upcoming OAuth 2.1 standard
And you’ll be able to:
- Implement an OAuth client from scratch
- Use OpenID Connect to get the user’s email address
Aaron is a Senior Security Architect at Okta, with over 20 years of experience in the industry. He is the author of OAuth 2.0 Simplified, maintains oauth.net, and has taught the fundamentals of OAuth and online security to thousands of developers worldwide. He has been invited to speak at events around the world about OAuth, online security, privacy and data ownership. He is a regular contributor to several globally-recognized specifications at the IETF including OAuth 2.1 and GNAP.