Cloud native training

OIDC and OAuth2: Securing APIs and web applications

Let your team secure your APIs and web application with modern, industry-standard frameworks.

Implementing security properly can be difficult. In this training module, your team will learn how to implement authentication and authorization using the industry standard frameworks OpenID Connect (OIDC) and OAuth2. They will also learn the inner workings of these technologies, so that they can digest and debug authentication and authorization issues.

Prerequisites

  • Basic Kubernetes understanding, similar to what you get in our Kubernetes fundamentals training module

  • Basic understanding of web applications and HTTP is recommended but not required

  • Basic Javascript knowledge is recommended but not required

After completing this training module, your team will:

  • Understand how OIDC and OAuth2 work together to secure APIs and web applications

  • Know where OIDC and OAuth2 leaves it up to APIs and web applications to add security

  • Be able to digest OIDC authentication flows to debug and troubleshoot authentication and authorization problems

  • Understand JWT tokens, OIDC/OAuth2 scopes and claims

  • Be able to add authentication and fine-grained authorization to APIs and web applications using "your own code" and through the "authorizing proxy" pattern

  • Know how single-sign-on and social-login works with OIDC

  • Understand and protect your web applications against the common CSRF attack

  • Be able to protect single-page applications (SPAs) using the backend-for-frontend pattern.

Course Details

One day

Mix of theory and hands-on exercises

Developers, architects, site reliability engineers (SRE)

Empower your entire team with new skills

Contact us to plan this training just for your team.

Stay up to date - get the newsletter

Exclusive educational content and news from the Eficode world. Right in your inbox.