Introduction to OAuth 2.0 and OpenID Connect • Philippe De Ryck • GOTO 2018

Рет қаралды 47,393

Күн бұрын

This presentation was recorded at GOTO Berlin 2018. #gotocon #gotober
gotober.com
Philippe De Ryck - Founder of Pragmatic Web Security, Google Developer Expert ‪@philippederyck2572‬
ABSTRACT
OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or an access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - its a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit [...]
Download slides and read the full abstract here:
gotober.com/20...
RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified • amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • amzn.to/3hXiAH6
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • amzn.to/2U8iLY2
/ gotocon
/ goto-
/ goto_con
/ gotoconferences
#OAuth2 #OAuth #OpenIDConnect #security #openID #PhilippeDeRyck
CHANNEL MEMBERSHIP BONUS
Join this channel to get early access to videos & other perks:
/ @goto-
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at gotopia.tech
Sign up for updates and specials at gotopia.tech/n...
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
www.youtube.co...

Пікірлер: 37

@PaulVanBladel 3 жыл бұрын

Brilliant. There are just talks or there is a presentation driven by someone who has the vast intention and willingness to transfer knowledge. That's what we have here. Thanks Philippe.

@leo-phiponacci Жыл бұрын

The best talk about OAuth and OIDC ever watched

@vadimemelin2941 2 жыл бұрын

Man, I am glad that thing finally makes sense to me

@ubaidullah3328 2 жыл бұрын

Thank you. First talk in two weeks that has explained oidc

@albpace 5 жыл бұрын

Finally an outstanding presentation that also explain the resource server perspective. Without doubt the best Oauth-2 presentation so far I have found on youtube.

@VIJAYBVERMA 5 жыл бұрын

Thank you. By far the best session on OAuth2.0 available on youtube.

@islamh6042 2 жыл бұрын

A consolidated session. Thanks a lot Philippe and GOTO!

@nikolassepos1640 4 жыл бұрын

Thank you Philippe De Ryck for this excellent presentation!

@TanujitChowdhury 4 жыл бұрын

Really nice explanation on OIDC flow and what to do with the ID token

@sudiptapal7606 5 жыл бұрын

The best on the topic ! Philipe rocks !

@maartenknf 3 жыл бұрын

This is a really clear explanation!

@divabanyuwigara3562 5 жыл бұрын

I like this guy, he explain very well.

@jailson772 5 жыл бұрын

Awesome explanation thanks Philippe

@bipinkhatiwada 5 жыл бұрын

that's a very great explanation, man. thanks a lot.

@MrOsefosef 2 жыл бұрын

Small but important detail 41:16 he says there are only 3 flows but in reality OpenID Connect supports all OAuth 2.0 grant types including ROPC Grant and Client Credentials Grant.

@tibi536 5 жыл бұрын

Outstanding presentation, thank you for sharing!

@tiwarivikash12 5 жыл бұрын

Endpoint should be /token instead of /auth at 17:26

@iammen7 5 жыл бұрын

Very good explanation. Thanks you.

@hackerman5764 3 ай бұрын

In these diagrams, using the Twitter example, would "client" always refer to Buffer's back and and "resource server" always refer to Twitter's back end?

@mgrycz 5 жыл бұрын

Perfect presentation.

@baolam4180 2 жыл бұрын

Thanks

@nullentrophy 3 жыл бұрын

I love GOTO; Intro

@daoudacamara5232 5 жыл бұрын

Very good presentation!

@loginjones 6 жыл бұрын

wonderful talk

@toriaezunama 6 жыл бұрын

Really well explained. Thank you!

@Anon-tt9rz 6 жыл бұрын

very well presented, thanks!

@jinxblaze 6 жыл бұрын

beautiful

@nikitarungta3423 6 жыл бұрын

very well explained

@acsidaho 6 жыл бұрын

very helpful. thank you.

@ThePelcher 5 жыл бұрын

Very good!

@rodolfopicoreti8115 5 жыл бұрын

Excelent...

@vincentbaeten173 4 жыл бұрын

Too bad he doesn't say anything about the Authorization Code Grant with Proof Key For Code Exchange (PKCE) flow because that is now the recommended flow for public clients instead of the implicit flow. And yes this was recommended before 2018.