Authentication for web applications using OpenID Connect.
Jump to a section in the video for an explanation of a specific topic.
- Confidential clients - definition
- The grant used for web sign in: implicit with form_post
- Web sign in - detailed walkthrough and diagram
- Request protected route on web app
- Authorization request
- Client ID
- Default response_mode per response_type
- Authorization request (continued)
- Authorization response
- Token validation and web app session creation
- Anatomy of an ID token
- Principles of token validation
- Subject confirmation
- Validating tokens according to format
- Signature checks
- "Infrastructural" claims (issuer, audience, expiration)
- Validating tokens via introspection
- Attention points with introspection
- Metadata and discovery
Calling an API
How to obtain and use access and refresh tokens for delegated authorization in a traditional web application.
Desktop and Mobile Apps
Authentication and delegated authorization for desktop and mobile applications and a public client overview.
Single Page Apps
Authentication and delegated authorization for single page applications.