I’m really excited to announce the release of my latest Pluralsight course: “Getting Started with OAuth 2.0”.
In this course, we take a look at the OAuth 2 authorization framework and some of the work that’s been happening that makes OAuth and its extensions the gold standard for API security.
This course is going to be entirely programming free and is suitable for software developers of any language or stack. That being said, if you’re looking to get started with IdentityServer4, I highly recommend this course as your first step.
If you’re looking for a course that will allow you to understand and have a fighting chance with any OAuth implementation, then this is the course for you. This course will allow you to talk the talk and architect the right solution for you.
I debated changing this course to “Getting Started with OpenID Connect 1.0”, however, based on recent experiences with customers and workshop attendees, I’m finding a core understanding of OAuth is what is missing and causes the most “Eureka!” moments. Once you understand OAuth, adding OpenID Connect into the mix is much easier. After all, OpenID Connect is just an identity layer on top of OAuth; it only adds to it, it doesn’t remove anything.
- The core OAuth 2.0 specification
- Why OAuth is preferred over past API protection mechanisms
- How and when to use each grant type
- Common pitfalls/misconceptions
Popular extensions such as:
- Proof Key for Code Exchange (PKCE)
- OpenID Connect
- Device Flow
- Discovery Metadata
If there are any inconsistencies, or subjects you think need expanding or just want to know more about, let me know, and I’ll see about supplementing the course with a blog post addressing it.
I was a bit dubious about the sound quality on some of the modules, so feel free to reach out if you think it needs work.
And finally, I’m on the lookout for my next Pluralsight course topic. My current plan is something generic around authentication, or maybe that “Getting Started with OpenID Connect 1.0” course.
In May 2020, I updated this course to reflect some of the newer recommendations from the OAuth working group. These updates include:
- A new module called "Best Practices for Browser-based Applications"
- A teaser for OAuth 2.1
- Token exchange
- Updated code samples
- Minor text fixes.