Introduction to OAuth 2

The Introduction to OAuth 2 training course teaches developers all aspects of OAuth 2. OAuth 2 is a security protocol used across the web to protect APIs and enable applications to interact securely with services. In this two-day class, developers will get a thorough overview of the OAuth 2 protocol, how it works, and why it works the way that it does. The first day focuses on the OAuth 2 protocol itself and includes a hands-on laboratory where developers will build a complete OAuth ecosystem from scratch, including the client, authorization server, and protected resource. We’ll also cover the variety of OAuth flows and how to choose between them. The second day focuses on the protocols and world around OAuth, including OpenID Connect for identity, token management with revocation and introspection, token formats using JWT and JOSE, dynamic client registration, server discovery, user-managed access, and proof of possession tokens. This day’s labs include hands-on JWT creation and parsing as well as implementation of OpenID Connect on top of the OAuth 2 system from the previous day.

Course Summary

Purpose: 
Learn how to build advanced web security with OAuth.
Audience: 
Developers of protected APIs or clients of those APIs, security architects.
Skill Level: 
Learning Style: 

Hands-on training is customized, instructor-led training with an in-depth presentation of a technology and its concepts, featuring such topics as Java, OOAD, and Open Source.

Hands On
Duration: 
2 Days
Productivity Objectives: 
  • OAuth 2 protocol flows

  • Deep understanding of the authorization code flow

  • When to use which OAuth flow

  • What OAuth doesn’t cover

  • How OpenID Connect is built on top of OAuth

  • Familiarity with advanced topics including introspection, revocation, registration, discovery, UMA, and PoP

What You'll Learn

In the Introduction to OAuth 2 training course you’ll learn:

  • Day 1:

  • What is OAuth 2.0

  • How did we solve API access without OAuth?

  • How OAuth protects APIs

  • A history of OAuth

  • What OAuth isn’t

  • The authorization code flow

  • Building an OAuth ecosystem (lab)

  • Refresh tokens

  • Scopes

  • OAuth flows

    • Implicit

    • Client credentials

    • Password

    • Assertion

  • Native clients

    • PKCE

  • Choosing different OAuth flows


  • Day 2:

  • JSON Web Tokens (JWT)

    • JOSE

  • Making JWTs (lab)

  • User authentication

    • What is Authentication?

    • Can we build Authentication with OAuth?

  • OpenID Connect

    • ID Tokens

    • UserInfo

  • Adding OpenID Connect to OAuth (lab)

  • Discovery

  • Dynamic registration

  • Token introspection

  • Token revocation

  • User-managed Access

  • Proof of Possession


Contact us to learn more

Not all training courses are created equal. Let the customization process begin! We'll work with you to design a custom Introduction to OAuth 2 training course that meets your specific needs.

DevelopIntelligence has been in the technical/software development learning and training industry for nearly 20 years. We’ve provided learning solutions to more than 48,000 engineers, across 220 organizations worldwide.
