In this two-part workshop series, you'll learn best practices for implementing OAuth in web apps, native apps, and single-page apps. You'll learn how to implement OAuth securely, both when writing an app as well as building an API. You'll also learn how OpenID Connect builds on top of OAuth 2.0 to provide the identity of users signing in. We'll work through some live coding examples to demonstrate the common OAuth patterns we discuss. Lastly, you'll learn the pros and cons of various options for choosing token lifetimes when building an API.

Part 1 focuses on a high-level introduction to OAuth and OpenID Connect, talking about the background of why OAuth is important, and detailing use cases for each OAuth flow.

Part 2 goes into a deep dive on building a secure OAuth client from scratch. Live coding examples will illustrate how to get an access token to access APIs and how to learn the user’s name and email using OpenID Connect. We’ll also build a functioning API that validates access tokens and returns private data. We’ll conclude with a discussion of the various options for access token lifetime and different ways to validate access tokens, talking about the tradeoffs of each.

By the end of the session, you’ll be able to authenticate users and protect APIs using OAuth and OpenID Connect.

Feel free to register for one or both, depending on your needs! We look forward to seeing you!