Mastering OAuth 2.0 and OIDC Security (February 2025)

OAuth 2.0 and OpenID Connect have become cornerstone technologies for most modern applications. Unfortunately, these technologies are insanely complex to grasp, making it hard to use them securely.

This workshop takes you on a step-by-step journey into the world of OAuth 2.0 and OpenID Connect. The Essentials training helps you understand best practices for building secure applications. The Advanced training allows you to level up your OAuth 2.0 security using the latest state-of-the-art security mechanisms.

During this two-day hands-on training, spread out over four half days, we'll explore a broad range of OAuth 2.0 and OIDC topics. The outline below illustrates what the workshop will look like.

Day 1

  • Introduction to OAuth 2.0 and OpenID Connect
  • Architecture patterns using OAuth 2.0 and OpenID Connect
  • Best practices for securing OAuth 2.0 and OIDC flows
  • Understanding OAuth 2.0 security in frontends
  • Breaking OAuth 2.0 security in frontends
  • Securing OAuth 2.0 with the Backend-For-Frontend pattern
  • Using scopes and permissions in OAuth 2.0
  • Securing APIs with OAuth 2.0
  • Demos and practical examples throughout the day

Day 2

  • Advanced use cases for OAuth 2.0 and OpenID Connect
  • Handling delegation scenarios in modern architectures
  • Security best practices for confidential OAuth 2.0 clients
  • Reducing access token authority with Resource Indicators
  • Using sender-constrained tokens with mTLS and DPoP
  • Securing OAuth 2.0 flows with JAR and PAR
  • Advanced attacks and defenses against OAuth 2.0 flows
  • Demos and practical examples throughout the day

This workshop is here to give you the skills you need to design architectures using OAuth 2.0 and OpenID Connect, to assess the security of your applications, and to enhance them using the latest best practices. In-depth lectures, real-world demos, fun quizzes, and practical examples will guide you through the complex landscape of OAuth 2.0 and OpenID Connect.

Schedule

February 10th, 2025

9:00am – 12:30pm UTC
Mastering OAuth 2.0 and OIDC Security workshop (Day 1)

February 11th, 2025

9:00am – 12:30pm UTC
Mastering OAuth 2.0 and OIDC Security workshop (Day 2)

February 17th, 2025

9:00am – 12:30pm UTC
Mastering OAuth 2.0 and OIDC Security workshop (Day 3)

February 18th, 2025

9:00am – 12:30pm UTC
Mastering OAuth 2.0 and OIDC Security workshop (Day 4)

Additional Information

If you have any questions about this event or payment options, don't hesitate to reach out to courses@pragmaticwebsecurity.com