Many of my 7100 students of the OAuth course have asked me to create a new course on OpenID Connect & JWT. And I completely understand why. Because as an API professional in 2020, you simply need to know the why, what and how of OpenID Connect!
So I am glad to announce today that, after months of hard work, this online course is finally available!
Some of the Contents…
1 Introduction
1.1 What is OpenID Connect
1.2 What can be done with OpenID Connect
1.3 How does OpenID Connect Work
1.4 OAuth 2 vs. OpenID Connect
1.5 Common Misunderstandings
2 OpenID Connect Actors
2.1 OpenID Connect Provider
2.2 Resource Provider
2.3 End-user (a.k.a. Resource Owner)
2.4 Client (a.k.a. App)
3 OpenID Connect Endpoints
3.1 Authorization Endpoint
3.2 Resource Endpoint
3.3 Userinfo Endpoint
3.4 Token Endpoint
3.5 Redirect Endpoint
4 Tokens in OpenID Connect
4.1 Explanation of the Different Token Types in OpenID Connect
4.2 Access Token
4.3 Refresh Token
4.4 Authorization Code
4.5 ID Token
5 The various OpenID Connect flows and when to use which flow
5.1 Authorization Code Flow
5.2 Refresh Flow
5.3 Implicit Flows
5.4 Hybrid Flows
6 Using OpenID Connect in Practice
6.1 Choosing A Suitable OpenID Connect Flow
6.2 Client Registration
6.3 Redirect Endpoint Implementation
6.4 Initiation of OpenID Connect Flow
6.5 Validation of OpenID Connect Tokens
6.6 Access to Resource Endpoints and Userinfo Endpoint
7 JSON Token Infrastructure
7.1 JSON Web Token (JWT)
7.2 JSON Web Signature (JWS)
7.3 JSON Web Encryption (JWE)
7.4 JSON Web Key (JWK) and JSON Web Key Set (JWKS)
7.5 JSON Web Algorithm (JWA)
8 Practical Exercises & Solution
8.1 Exercise & Solution: Getting an ID Token from Google
8.2 Exercise & Solution: Discovering the Public Key used for validating the ID Token from Google
I wish you lots of fun with my new course on OpenID Connect. As a security expert, you need to know about OpenID Connect in 2020. All the best and a good start into the New Year!
Also published on Medium.