In a world of light-weight and cross-platform apps, devices and services we need technologies that work well on arbitrary devices and that allow us implementing our security requirements in an interoperable and manageable way. OAuth2, OpenID Connect and JWT are the replacements for the “old-school” protocols we used to build distributed security architectures with like Kerberos, WS-Trust, WS-Federation and SAML.
Author Name: Dominick Baier
Author Description:
Dominick works as an associate consultant for the Germany-based company thinktecture (http://www.thinktecture.com). His main area of focus is security in general and identity & access control in particular. He helps customers around the world implementing claims-based identity, single sign-on, authorization and federation in their web applications, services and APIs. Dominick is an international conference speaker and the author of “Developing more-secure ASP.NET Application” and co-author of th… more

Table of Contents

• Overview
  2mins
• The Security Stack for Modern Applications
  9mins
• JSON Web Tokens (JWT)
  14mins
• Introduction to OAuth2
  21mins
• OAuth2 Flows
  42mins
• OpenID Connect
  20mins
• OAuth2 Concerns
  27mins
• Resources
  4mins