
    Cloud native training

    OIDC and OAuth2: Securing APIs and web applications

    Let your team secure your APIs and web applications with modern, industry-standard frameworks.

    Implementing security properly can be difficult. In this training module, your team will learn how to implement authentication and authorization using the industry-standard frameworks OpenID Connect (OIDC) and OAuth2. They will also learn the inner workings of these technologies, so that they can digest and debug authentication and authorization issues.

    Prerequisites

    • Basic Kubernetes understanding, similar to what you get in our Kubernetes fundamentals training module
    • Basic understanding of web applications and HTTP is recommended but not required
    • Basic JavaScript knowledge is recommended but not required

    After completing this training module, your team will:

    • Understand how OIDC and OAuth2 work together to secure APIs and web applications
    • Know where OIDC and OAuth2 leave it up to APIs and web applications to add security
    • Be able to digest OIDC authentication flows to debug and troubleshoot authentication and authorization problems
    • Understand JWT tokens, OIDC/OAuth2 scopes and claims
    • Be able to add authentication and fine-grained authorization to APIs and web applications using "your own code" and through the "authorizing proxy" pattern
    • Know how single sign-on and social login work with OIDC
    • Understand and protect your web applications against the common CSRF attack
    • Be able to protect single-page applications (SPAs) using the backend-for-frontend pattern.

    Duration

    One day

    Type

    Mix of theory and hands-on exercises

    Audience

    Developers, architects, site reliability engineers (SRE)

    Empower your entire team with new skills

    Contact us to plan this training just for your team.