Implementing security properly can be difficult. In this training module, your team will learn how to implement authentication and authorization using the industry-standard frameworks OpenID Connect (OIDC) and OAuth2. They will also learn the inner workings of these technologies, so that they can digest and debug authentication and authorization issues.
Prerequisites
- Basic Kubernetes understanding, similar to what you get in our Kubernetes fundamentals training module
- Basic understanding of web applications and HTTP is recommended but not required
- Basic JavaScript knowledge is recommended but not required
After completing this training module, your team will:
- Understand how OIDC and OAuth2 work together to secure APIs and web applications
- Know where OIDC and OAuth2 leave it up to APIs and web applications to add security
- Be able to digest OIDC authentication flows to debug and troubleshoot authentication and authorization problems
- Understand JWT tokens, OIDC/OAuth2 scopes and claims
- Be able to add authentication and fine-grained authorization to APIs and web applications using "your own code" and through the "authorizing proxy" pattern
- Know how single sign-on and social login work with OIDC
- Understand the common CSRF attack and protect your web applications against it
- Be able to protect single-page applications (SPAs) using the backend-for-frontend pattern
Duration
One day
Type
Mix of theory and hands-on exercises
Audience
Developers, architects, site reliability engineers (SRE)
Empower your entire team with new skills
Contact us to plan this training just for your team.