Everything You Ever Wanted to Know About OAuth and OIDC
About this talk
In this session, Aaron Parecki, author of OAuth 2.0 Simplified and co-editor of the in-progress OAuth 2.1 spec, will cover the basics of the OAuth and OpenID Connect protocols. You’ll learn about when you’d want to use OAuth or OpenID Connect (or both!), when to use each of the grant types, and how to use OAuth and OpenID Connect securely from mobile applications. Aaron also covers the latest best practices around OAuth security currently in development by the group. You'll also learn about the upcoming OAuth 2.1 update and what it means for you and your applications. You'll learn how to use JWT access tokens and the tradeoffs that come with them, how to design scopes that allow granular access to various parts of your backend services, and how to design a microservices architecture protected by OAuth at a gateway.