Session

Advanced OAuth & OpenID Connect

In the workshop, attendees will learn about the advanced aspects of OAuth and OpenID Connect. Topics will include:

  • Advanced aspects of the authorization code and implicit flows, for example:
    • acr_values and how this can be used for “step up” authentication
    • ui_locales
    • prompt=consent, prompt=none, prompt=login
    • max_age
    • request objects passed by value and by reference
    • variations on interactive user consent
  • Hybrid flow
  • Form response mode
  • Proof Key for Code Exchange (PKCE or “pixie”)
  • Proof-of-Possession (PoP), i.e., Holder of Key (HoK)
  • Mutual TLS (mTLS) and cert-bound access tokens
  • Pairwise Pseudonymous Identifiers (PPID)
  • Dynamic Client Registration (DCR) and early/late user-binding using implicit or client credential flow
  • JWT authorization grant for user and client authentication
  • Down-scoping during token refresh
  • Signed and unsigned metadata and how to use it to verify tokens
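As an added example (not the client application or written instructions provided in the workshop), the following Python sketch works through the PKCE item in the list above: the client derives a `code_challenge` from a random `code_verifier` using the S256 method, the authorization server stores the challenge alongside the code it issues, and the token endpoint recomputes the challenge from the verifier the client presents before releasing a token. The `AuthorizationServer` class and its `authorize`/`token` methods are a constructed in-memory stand-in for the real endpoints; only the derivation, the verifier character set and length, and the single-use rule come from RFC 7636.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Characters RFC 7636 allows in a code_verifier: ALPHA / DIGIT / "-" / "." / "_" / "~",
# with a length between 43 and 128 characters.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url_nopad(data: bytes) -> str:
    """base64url encoding without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(num_bytes: int = 32) -> str:
    """Client side: a high-entropy verifier. 32 random bytes encode to 43 chars, the RFC minimum."""
    return b64url_nopad(secrets.token_bytes(num_bytes))


def make_code_challenge(verifier: str) -> str:
    """Client side, S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_code_challenge(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Server side: recompute the challenge from the verifier and compare in constant time."""
    if not _VERIFIER_RE.match(presented_verifier):
        return False
    if method == "S256":
        expected = make_code_challenge(presented_verifier)
    elif method == "plain":  # permitted by the RFC, but gives no protection if the code leaks
        expected = presented_verifier
    else:
        return False
    return hmac.compare_digest(expected.encode("ascii"), stored_challenge.encode("ascii"))


class AuthorizationServer:
    """Constructed in-memory model of the two endpoints PKCE touches (not a real server)."""

    def __init__(self):
        self._codes = {}  # code -> {client_id, challenge, method, used}

    def authorize(self, client_id: str, code_challenge: str, code_challenge_method: str = "S256") -> str:
        """Authorization endpoint: bind the challenge to a freshly issued code."""
        if code_challenge_method not in ("S256", "plain"):
            raise ValueError("unsupported code_challenge_method")
        code = b64url_nopad(secrets.token_bytes(24))
        self._codes[code] = {"client_id": client_id, "challenge": code_challenge,
                             "method": code_challenge_method, "used": False}
        return code

    def token(self, code: str, client_id: str, code_verifier: str):
        """Token endpoint: return a constructed token, or None where the RFC says 'invalid_grant'."""
        entry = self._codes.get(code)
        if entry is None or entry["used"] or entry["client_id"] != client_id:
            return None
        entry["used"] = True  # a code is single-use whether or not the verifier matches
        if not verify_code_challenge(entry["challenge"], entry["method"], code_verifier):
            return None
        return {"access_token": "constructed-token-" + b64url_nopad(secrets.token_bytes(8)),
                "token_type": "Bearer"}


def demo_flow() -> dict:
    """One legitimate exchange plus two failing ones; returns the outcomes for inspection."""
    srv = AuthorizationServer()
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    code = srv.authorize("public-client", challenge)
    ok = srv.token(code, "public-client", verifier)                   # matching verifier
    replay = srv.token(code, "public-client", verifier)               # same code presented twice
    code2 = srv.authorize("public-client", challenge)
    wrong = srv.token(code2, "public-client", make_code_verifier())   # verifier that does not match
    return {"ok": ok is not None, "replay": replay is not None, "wrong_verifier": wrong is not None}


if __name__ == "__main__":
    print(demo_flow())
```

The point of the check in `token` is that whoever redeems the code must hold the verifier that produced the stored challenge, so a code observed in transit or in a redirect is useless on its own; the `_VERIFIER_RE` check and the constant-time comparison are the two details implementations most often leave out.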

To help solidify these concepts, they will be described verbally, with whiteboard drawings, and demonstrated. Attendees will also be able to implement them using a client application that will be provided together with written instructions. For this, students will need a laptop and the right to install software on that machine. Students will also be able to ask questions and get help during the workshop from the instructor and an aide.

(From the list of topics above, it should hopefully be obvious that the workshop will be in-depth and advanced. Attendees are, therefore, expected to have used or implemented these protocols before or to have at least attended a previous OAuth workshop. Extensive background info will not be provided.)
