OAuth2, OpenID Connect and Keycloak
OAuth2 for Securing Web Applications: Part 2
OAuth2 is a popular protocol for web application security. It allows one application to access a user’s account at another site, and to provide secure access to APIs.
Popular web services such as Google APIs, Facebook, Instagram, GitHub and many more use OAuth2, and if you want your application to use these services, you will need to learn how to use it. OpenID Connect is a protocol for single sign-on built on top of OAuth2. With it, your users can sign in with Amazon, Google, Microsoft and other popular services.
This course will teach the fundamentals of these protocols, and walk through how to use them in your applications. We will also look at Keycloak, a popular, open-source identity management system that implements OAuth2 and OpenID Connect. We will use it to build example OAuth2 and OpenID Connect backends and build a simple JavaScript client to access them.
You’ll Learn:
- The fundamental key concepts and workflows for the popular OAuth2 protocol used in web application security
- How to use OAuth2 with confidence with your applications and services by overcoming common pitfalls
- How to implement OAuth2 in your current projects with particular focus on current best practices and strategies
Who Is It For
For web developers and app designers who want to get to grips with OAuth2 and integrate it into their apps and projects as well as anyone who is interested in application security.
Now that you have a grasp of OAuth2, we’ll look at Keycloak, an open-source identity management system, and OpenID Connect backends.
About The Author
![Matthew Baker](https://media.springernature.com/w200h200/springer-static/image/bfm%3A978-1-4842-9763-6%2F1/MediaObjects/978-1-4842-9763-6_BookFrontmatter_Figa_HTML.jpg)
Matthew Baker is the Head of Scientific Software and Data Management at ETH Zurich, Switzerland’s leading science and technology university. He leads a team of engineers developing custom software to support STEM research projects, and teaches computer science short courses. Having over 25 years of experience developing software, he has worked as a developer, systems administrator, project manager and consultant in various sectors from banking and insurance, science and engineering, to military intelligence.
About this video
- Author(s): Matthew Baker
- DOI: https://doi.org/10.1007/978-1-4842-9763-6
- Online ISBN: 978-1-4842-9763-6
- Total duration: 48 min
- Publisher: Apress
- Copyright information: © Matthew Baker 2023
Video Transcript
Hello, and welcome to part two of this two-part course on OAuth2, OpenID Connect and Keycloak. OAuth2 is one of the most popular methods for securing web applications.
I’m Matthew Baker from ETH Zurich in Switzerland and I’ve spent three decades working in software engineering in industry and academia. I’m also the author of Secure Web Application Development published by Apress.
In part one of the series, we looked at OAuth2 fundamentals. In this part, we’ll move on to OpenID Connect and Keycloak. OpenID Connect builds on OAuth2 to provide single or federated sign on.
Keycloak is an identity management system, which will do a lot of the OAuth2 and OpenID Connect heavy lifting for us. We’ll look at what OpenID Connect and Keycloak can do for us. We’ll recap on the OAuth2 basics, see how to install Keycloak and then get our hands dirty, using Keycloak for an OAuth2 flow. We will then turn to OpenID Connect and implement it with Keycloak as well. We’ll take a look at building a JavaScript client and then summarize what we’ve learned.