Protecting Your APIs with OAuth
Рет қаралды 12,891
Күн бұрынLearn how to use OAuth 2.0 to secure access to your APIs-and the common API mistakes you might be making.
Resources mentioned in the webinar:
* OAuth 2.0 Simplified book: oauth2simplified.com
* OAuth community website: oauth.net/2/
* VIDEO: What's going on with the Implicit Flow? • What's going on with t...
* Is the Implicit Flow dead? developer.okta.com/blog/2019/...
* OAuth Security Best Current Practice: oauth.net/2/oauth-best-practice/
* Rich Authorization Requests: oauth.net/2/rich-authorizatio...
---------------------------------------------------------------------------------------------------------------------------
Okta is a developer API service that stores user accounts for your web apps, mobile apps, and APIs.
* Sign up for Okta for free at developer.okta.com/signup/
* For more info visit us at developer.okta.com/
* Developer Blog: developer.okta.com/blog/
* Follow us on Twitter: / oktadev
* Follow us on FB: / oktadevelopers
* Follow us on LinkedIn: / oktadev
@harrylyod3402 Жыл бұрын
loved it thanks for the explanation.
@chrise202 4 жыл бұрын
Hi Aaron you've mention in various videos about SPA's and JS/Angular apps hosted on CDN's that they should use Auth Code + PKCE. But theres no "back channel" for SPA's. Does this mean front channel will be used? Apart from getting the token by a POST rather than fragment or queryString, are there any other advantages in Auth Code over Implicit?
@patrickm9953 4 жыл бұрын
My cats love Oauth 2.0 !
@codedynamics1 2 жыл бұрын
thanks Arron, ive subbed ;)
@samanthaferguson6018 3 жыл бұрын
01:59 spec like legal contract
@codingexpedition4625 4 жыл бұрын
I have a hard time separating idToken and accessToken, can you help me with the following: The token shown in the video at kzbin.info/www/bejne/bpSUhIKrhJmghsU, includes both a userId and access scopes. Am I right to say that a token which both includes the userId and access scopes is an "idToken"? (Cause pure oauth access_tokens only include scopes but no user info)
@beatagozdziaszek8157 4 жыл бұрын
Access token authorizes access to some server resources. They are not intended to carry information about the user. They simply allow access to certain defined server resources. ID token contains information about a user and their authentication status. It can be used by your client both for authentication and as a store of information about that user.
@domaincontroller 3 жыл бұрын
01:59 spec like legal contract
@samanthaferguson6018 3 жыл бұрын
01:59 spec like legal contract
GOTO Conferences
Рет қаралды 18 М.
notebook-31
Рет қаралды 116 М.