This workshop will introduce you to the concepts and ideas behind OAuth 2.0 and OpenID Connect (OIDC), and how they can help to secure your apps and APIs.

We will also discuss why things are designed the way they are, how they should be deployed in a scalable fashion, and what it means to build an entire API platform that uses these standards. In the practical part of the workshop we’ll run end-to-end flows and attendees will gain the information needed to implement their OAuth and OpenID Connect based solutions.

Throughout the session, we encourage discussions and questions. For example: why should we, or should we not use the standards in certain ways. What can go wrong, and how does your organization gain the highest degree of reusability when deploying these mechanisms?

The discussion will include:

• OAuth Flows and Actors
• OpenID Connect
• Token Formats
• Token Handling
• Securing an API

Why attend?
Attend this workshop to:

• Learn how to use OAuth and OIDC to secure your APIs
• Use Code Flow and PKCE in an OAuth client
• Learn how to shape tokens for authorization decisions
• Discover how OAuth enables a microservices and DevOps-oriented environment

Who should attend?
If you are a developer or an architect working with API development or front-end development such as apps or websites, then this workshop is for you. The workshop is relevant to anyone involved in making digital services secure and privacy-oriented.

Prerequisites
You don’t need any previous experience with the OAuth and OpenID Connect standards to attend.

Don’t forget to bring your laptop. You will need to be able to run Docker.