OAuth 2.0 is the most widely used standard for secure authorization on the Internet for modern Web and Mobile apps. There are a lot of pitfalls that can lead to an insecure app.

In this half-day workshop you’ll learn everything you need to know to build secure websites, mobile apps, and API services using OAuth and OpenID Connect. You'll learn best practices for implementing OAuth in web apps, native apps and single-page apps, as well as how to protect an API using OAuth access tokens. You'll also learn how OpenID Connect builds on top of OAuth 2.0 to provide the identity of users signing in. The hands-on exercises will give you a better understanding of the OAuth flows. The workshop will cover the common OAuth grants: authorization code, PKCE, refresh tokens, and OpenID Connect, and demonstrate how each works step by step. You’ll interact with a live OAuth server and use each grant to get an access token to make API requests and an ID token to get user information. Prerequisites * A basic understanding of HTTP requests, responses, and JSON * Experience with Postman, curl, or any other HTTP client * A free Okta Developer account from https://developer.okta.com To complete the exercises, you’ll need a computer where you can make HTTP requests using a command line tool like curl or a graphical tool like Postman. No programming knowledge is required.