Mastering OAuth 2.0 and OIDC Security (February 2025)

Live online workshop via Zoom
View schedule

This course is completed. Check this page for the next upcoming date.



OAuth 2.0 and OpenID Connect have become cornerstone technologies for most modern applications. Unfortunately, these technologies are insanely complex to grasp, making it hard to use them securely.

This workshop takes you on a step-by-step journey into the world of OAuth 2.0 and OpenID Connect. We start with understanding best practices for building secure applications with OAuth 2.0 and OIDC. Next, we will level up your OAuth 2.0 security using the latest state-of-the-art security mechanisms.

During this two-day hands-on training, spread out over four half days, we'll explore a broad range of OAuth 2.0 and OIDC topics. The outline below illustrates what the workshop will look like.

Day 1

  • Introduction to OAuth 2.0 and OpenID Connect
  • Architecture patterns using OAuth 2.0 and OpenID Connect
  • Best practices for securing OAuth 2.0 and OIDC flows
  • Understanding OAuth 2.0 security in frontends
  • Breaking OAuth 2.0 security in frontends
  • Securing OAuth 2.0 with the Backend-For-Frontend pattern
  • Using scopes and permissions in OAuth 2.0
  • Securing APIs with OAuth 2.0
  • Demos and practical examples throughout the day

Day 2

  • Advanced use cases for OAuth 2.0 and OpenID Connect
  • Handling delegation scenarios in modern architectures
  • Security best practices for confidential OAuth 2.0 clients
  • Reducing access token authority with Resource Indicators
  • Using sender-constrained tokens with mTLS and DPoP
  • Securing OAuth 2.0 flows with JAR and PAR
  • Advanced attacks and defenses against OAuth 2.0 flows
  • Demos and practical examples throughout the day

This workshop is here to give you the skills you need to design architectures using OAuth 2.0 and OpenID Connect, to assess the security of your applications, and to enhance them using the latest best practices. In-depth lectures, real-world demos, fun quizzes, and practical examples will guide you through the complex landscape of OAuth 2.0 and OpenID Connect.

Tickets

Schedule

February 10th, 2025

9:00am – 12:30pm CET
Mastering OAuth 2.0 and OIDC Security workshop (Part 1)

February 11th, 2025

9:00am – 12:30pm CET
Mastering OAuth 2.0 and OIDC Security workshop (Part 2)

February 17th, 2025

9:00am – 12:30pm CET
Mastering OAuth 2.0 and OIDC Security workshop (Part 3)

February 18th, 2025

9:00am – 12:30pm CET
Mastering OAuth 2.0 and OIDC Security workshop (Part 4)

Additional Information

If you have any questions about this event or payment options, don't hesitate to reach out to courses@pragmaticwebsecurity.com

Links