SecAppDev 2019 has ended
Tuesday, February 19 • 11:00 - 12:30
Introduction to OAuth 2.0 and OpenID Connect


OAuth 2.0 and OpenID Connect are complex protocols to enable delegation and authentication. This session covers their meaning and highlights some potential security pitfalls you want to avoid.

OAuth 2.0 is likely one of the most complex aspects of modern web applications. It is often mistakenly assumed that OAuth 2.0 offers authentication and authorization. Instead, OAuth 2.0 only offers delegation. To make matters more complicated, there are at least six different OAuth 2.0 flows, each for a particular purpose. On top of that, OpenID Connect (OIDC) redefines some of these flows to enable authentication explicitly.

In this talk, we will clear up the confusion about OAuth 2.0 and OIDC. We will explain the purpose and properties of the most relevant flows. We will explore how to use OAuth 2.0’s delegation mechanism to enable authorization on a backend. Finally, we will look at using OIDC for end-user authentication with a third-party provider. At the end of this talk, you will have a solid understanding of OAuth 2.0/OIDC and how to use it in your applications.

This session is intended for anyone dealing with authentication and API access in web and mobile applications.
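As an added illustration of the delegation-versus-authentication point above (not material from the session or its speaker): an OAuth 2.0 access token says nothing about who the user is, so a client that needs authentication must validate an OIDC ID token against its own client_id and the nonce of the current login attempt. The issuer, client_id and client_secret below are constructed placeholders, and HS256 keyed with the client_secret is used so the example runs offline (real providers usually sign with RS256 and publish keys via JWKS).

```python
import base64, hashlib, hmac, json

# Constructed placeholders for this example; no real provider or client is involved.
CLIENT_ID = "my-app"
CLIENT_SECRET = b"example-client-secret"
ISSUER = "https://op.example"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_id_token(claims: dict, secret: bytes) -> str:
    """Stand-in for the provider: HS256 ID token keyed with the client_secret (OIDC Core 10.1)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def validate_id_token(token: str, expected_nonce: str, now: float) -> dict:
    """Accept the token only if it proves that *this* client's user just authenticated."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; never accept 'none'
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(CLIENT_SECRET, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        # A token minted for another client must not log the user in here.
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")  # ties the token to this login attempt
    return claims

def login_result(token: str, expected_nonce: str, now: float) -> str:
    """Helper for callers: 'ok:<sub>' on success, otherwise the rejection reason."""
    try:
        return "ok:" + validate_id_token(token, expected_nonce, now)["sub"]
    except ValueError as exc:
        return str(exc)
```

The audience check is the one that an access-token-as-login shortcut skips: a valid token issued for a different client is still rejected here.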


Philippe De Ryck

Founder, Pragmatic Web Security

Tuesday February 19, 2019 11:00 - 12:30 CET
Main building (room Lemaire)