Introduction to OpenID Connect and OAuth

This introductory workshop simplifies these fundamentals, giving developers, testers, and architects the skills to implement secure identity solutions. With hands-on exercises and practical insights, participants will gain a solid foundation to prevent vulnerabilities and work confidently with systems like Duende IdentityServer, Keykloak, and Entra ID.

What you will learn

• Authentication vs. authorization
• How OAuth 2.x and OpenID Connect work
• Fundamental concepts
• How a client authenticates against an authorization server
• How to retrieve and consume JWT tokens
• How OpenID Connect fits into your architecture
• How the tokens are secured and managed

This course includes many hands-on exercises that will help you understand how the protocol works under the hood.

After this course, we recommend taking the Web Security Fundamentals workshop. Understanding core web security concepts is crucial when implementing and working with authentication solutions.

Who Is This For?
This course is designed for both new and experienced developers and architects seeking to understand the fundamentals of application security using OAuth2 and OpenID Connect. With a focus on the core standards and protocols rather than a specific implementation or programming language, it’s the perfect fit regardless of whether you use Duende IdentityServer, Entra ID (AzureAD), KeyCloak, or any other authorization service.

Prerequisites

• You should have a good understanding of the following:
• The HTTP(s) protocol (including methods, headers, and cookies…)
• How the web works in general.
• Familiar with REST APIs and JSON
• Some experience in developing backend web solutions