OAuth 2.0: Nailed the core framework with hands dirty.
Keycloak, Golang, React + Router + Bootstrap, GitHub’s OAuth. OAuth 2.0 RFCs
Created by Charnnarong Chomthiang, offered on Udemy
To make sure that we score courses properly, we pay a lot of attention to the reviews students leave on courses and how many students are taking a course in the first place. This course has a total of 633 students, who left 116 reviews at an average rating of 4.65, which is average.
We analyze course length to see if courses cover all important aspects of a topic, taking into account how long the course is compared to the category average. This course has a length of 6 hours 4 minutes, which is pretty short. This might not be a bad thing, but we've found that longer courses are often more detailed & comprehensive. The average course length for this entire category is 5 hours 28 minutes.
This course currently has a bestcourses score of 5.8/10, which makes it an average course. Overall, there are probably better courses available for this topic on our platform.
In this course, we will start learning OAuth 2.0 by using a production-ready authorization server such as Keycloak. That sounds reasonable, but why do we do that?
Using a correct authorization server implementation from the beginning keeps us from going the wrong way, because the authorization server already complies with the OAuth 2.0 specification. Besides, we can peacefully focus on how a client communicates with the authorization server in the various flows that are available for us to learn and understand. At the end of the day, it is unlikely that one will use an authorization server written from scratch in production. More importantly, we are focusing on fundamentals as our first priority. We want to divide the huge concept and conquer each piece, small enough to be easily comprehended, from the ground up.
Hence we offload what we haven’t focused on yet to another piece of software that we believe implements it correctly. Once we understand the ins and outs of all the relevant theory, our implementation will hardly go wrong if we really want to implement an Authentication server ourselves. In addition, the authorization server is unarguably a complex system. So again, we won’t implement an authorization server in this course.
After that, we develop the OAuth 2.0 client and protected resource. The protected resource will be a simple service that exposes APIs, which we then protect with the OAuth 2.0 framework. With a solid understanding of the fundamentals of how an authorization server behaves, plus familiarity with RFC 6749, we can at least implement a simple authorization server with joy.
Let’s imagine that this course was designed in the completely opposite direction, that is, to guide you to start by building the authorization server. It would draw a lot of energy from us. It would keep us juggling all of OAuth's roles at once, and we would possibly spend time correcting mistakes that come from misunderstanding the concepts, so it could take longer to achieve the same goal. That is why this course is carefully designed to build a deep understanding of the OAuth 2.0 framework.
For more information and more specialty, please find my blog under my profile picture.
What you will learn
- Create a personal OAuth 2.0 playground in a virtual machine.
- The fundamentals of the OAuth 2.0 framework.
- Develop projects from scratch and secure them with OAuth 2.0
- Attack your own projects
- Apply some best practices like PKCE.
- A touch on OpenID Connect.
- Integrate our projects with GitHub’s OAuth application.
Requirements
- A machine that can run a virtual machine with VirtualBox.
- Basic knowledge of programming.