OAuth2 for Securing Web Applications: Part 2 OpenID Connect and Keycloak

  • Matthew Baker


OAuth2 is a popular protocol for web application security. It allows one application to access a user’s account at another site, and to provide secure access to APIs.

Popular web services such as Google APIs, Facebook, Instagram, GitHub and many more use OAuth2 and if you want your application to use these services, you will need to learn how to use it. OpenID Connect is a protocol for single sign-on built on top of OAuth2. With it, your users can sign in with Amazon, Google, Microsoft and other popular services.

This course will teach the fundamentals of these protocols and walk through how to use them in your applications. We will also look at Keycloak, a popular, open-source identity management system that implements OAuth2 and OpenID Connect. We will use it to build example OAuth2 and OpenID Connect backends, and build a simple JavaScript client to access them.

You’ll Learn:

  • The fundamental concepts and workflows of the popular OAuth2 protocol used in web application security

  • How to use OAuth2 with confidence with your applications and services by overcoming common pitfalls

  • How to implement OAuth2 in your current projects with particular focus on current best practices and strategies

Who Is It For

For web developers and app designers who want to get to grips with OAuth2 and integrate it into their apps and projects, as well as anyone who is interested in application security.

Now that you have a grasp of OAuth2, we’ll look at Keycloak, an open-source identity management system, and at OpenID Connect backends.

About The Author

Matthew Baker

Matthew Baker is the Head of Scientific Software and Data Management at ETH Zurich, Switzerland’s leading science and technology university. He leads a team of engineers developing custom software to support STEM research projects, and also teaches computer science short courses. With over 25 years of experience developing software, he has worked as a developer, systems administrator, project manager and consultant in various sectors, from banking and insurance, science and engineering, to military intelligence.


About this video

Author(s)
Matthew Baker
DOI
https://doi.org/10.1007/978-1-4842-9763-6
Online ISBN
978-1-4842-9763-6
Total duration
48 min
Publisher
Apress
Copyright information
© Matthew Baker 2023

Video Transcript

Hello, and welcome to part two of this two-part course on OAuth2, OpenID Connect and Keycloak. OAuth2 is one of the most popular methods for securing web applications.

I’m Matthew Baker from ETH Zurich in Switzerland and I’ve spent three decades working in software engineering in industry and academia. I’m also the author of Secure Web Application Development published by Apress.

In part one of the series, we looked at OAuth2 fundamentals. In this part, we’ll move on to OpenID Connect and Keycloak. OpenID Connect builds on OAuth2 to provide single or federated sign-on.

Keycloak is an identity management system, which will do a lot of the OAuth2 and OpenID Connect heavy lifting for us. We’ll look at what OpenID Connect and Keycloak can do for us. We’ll recap on the OAuth2 basics, see how to install Keycloak and then get our hands dirty, using Keycloak for an OAuth2 flow. We will then turn to OpenID Connect and implement it with Keycloak as well. We’ll take a look at building a JavaScript client and then summarize what we’ve learned.