In the workshop, you will learn about the advanced aspects of OAuth and OpenID Connect. These will include such things as:
- Advanced aspects of the code and implicit flow, for example:
  - acr_values and how this can be used for “step up” authentication
  - ui_locales
  - prompt=consent, prompt=none, prompt=login
  - max_age
  - by-value and by-ref request objects
  - variations on interactive user consent
- Hybrid flow
- Form response mode
- Proof Key for Code Exchange (PKCE or “pixie”)
- Proof-of-Possession (PoP), i.e., Holder of Key (HoK)
- Mutual TLS (mTLS) and cert-bound access tokens
- Pairwise Pseudonymous Identifiers (PPID)
- Dynamic Client Registration (DCR) and early/late user-binding using implicit or client credential flow
- JWT authorization grant for user and client authentication
- Down-scoping during token refresh
- Signed and unsigned metadata and how to use it to verify tokens
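As an added illustration of one of the topics listed above (PKCE, RFC 7636), not material from the workshop or its client application, the following Python shows how a public client derives the code_verifier and S256 code_challenge and how the authorization server later checks the verifier presented at the token endpoint. The parameter names follow RFC 7636; the `verify_code_challenge` helper and the constant-time comparison are this example's own choices, not a specific server's implementation.

```python
import base64
import hashlib
import secrets


def _b64url(data: bytes) -> str:
    # RFC 7636 uses base64url without padding for both verifier and challenge.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    # 32 random bytes give a 43-character verifier, the minimum length RFC 7636 allows.
    return _b64url(secrets.token_bytes(nbytes))


def make_code_challenge(verifier: str) -> str:
    # S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_params(client_id: str, redirect_uri: str, verifier: str) -> dict:
    # Parameters the client adds to the authorization request; it keeps the verifier private.
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }


def verify_code_challenge(verifier: str, challenge: str, method: str = "S256") -> bool:
    # Authorization-server side: recompute the challenge from the verifier sent with the
    # token request and compare it to the challenge stored with the authorization code.
    if not (43 <= len(verifier) <= 128):
        return False
    if method == "S256":
        expected = make_code_challenge(verifier)
    elif method == "plain":
        expected = verifier
    else:
        return False
    return secrets.compare_digest(expected, challenge)


if __name__ == "__main__":
    # Constructed client identifiers for the demo; they are not real registrations.
    v = make_code_verifier()
    params = authorization_params("demo-client", "https://client.example/cb", v)
    print(params)
    print("verifier accepted:", verify_code_challenge(v, params["code_challenge"]))
    print("wrong verifier rejected:", not verify_code_challenge(make_code_verifier(), params["code_challenge"]))
```

The server must bind the stored challenge to the authorization code it issued, so a code intercepted on the redirect cannot be redeemed without the verifier that only the original client holds; rejecting unknown methods and falling back to "plain" only when explicitly configured keeps the check from being weakened by a crafted request.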
To help solidify these concepts, they will be described verbally, with whiteboard drawings, and demonstrated. Attendees will also be able to implement them using a client application that will be provided together with written instructions. For this, attendees will need a laptop and the right to install software on that machine.
Knowledge prerequisite
Attendees are expected to have used or implemented these protocols before or to have at least attended a previous OAuth workshop. Extensive background info will not be provided.