This is a golden example of how a technical presentation should be. Great job!

Presenter was clear in mind what he is talking! I am able to understand which I failed to uderstand from many other similar content. Thank you.

not shortest one in KZbin, but one of the BEST to explain Oauth ! Thanks you !

One of the best presentations on this topic. Lucid, on-point, and yet moderately detailed. Thank you, Aaron.

I already read some articles, but this was a perfect explanation.

that was an absolutely brilliant tutorial. thanks very much.

Thanks for this video. I was curious about how to secure Web APIs using OAuth2.0 and the second half of this talk answered it perfectly.

Excellent presentation. It wasn't hard at all to watch for a half-hour talk.

Excellent presentation Aaron.

Now that was an exzellent talk!

6:28 Start of the OAuth 2.0 flow

Thanks for sharing this information. I found it very clear and useful. I am doing some work as IAM Arch and not always it is clear the path.

Simple and clean.

PKCE is not the replacement of client authentication. It's simply to prove whoever is exchanging code for token is the same guy who requested the code.

Very nice presentation. Really helped!

comprehensive presentation, thanks

Nice

Perfect explanation 10:28

Specs are not good tutorials, 20 specs 00:57 the password anti-pattern 02:23 OAuth spec, Sign in with 02:46 OAuth was designed to give access to data, accessing APIs not about identifying the user 04:15 OpenID connect 04:36 OAuth originally created for that third-party app access, first party app as well, gmail actually redirects you to the google OAuth server 06:24 we gonna take a look how OAuth works, from an application point of view 06:39 access token, hotel key 07:57 five roles 08:51 starting with the simplest flow 10:45

Hi, great presentation, the hotel card analogy is quite good. But IMHO, really poor choice of colors for the slides. I'm colorblind and don't see any difference between those arrows that you mentioned in slide at minute 10:39.

You may not want to expose scopes of a JWT to the world so reference token will be the only option.

Is OAuth 2.0 itself secure enough?

It's couldn't care less, not could care less