Session 4: Server to Server Communication with OAuth
Applications that don't have users directly involved in the transaction are special in OAuth. In this session we discuss how to use OAuth for server applications and what tools there are to secure the usages of these tokens.
- Server to Server communication
- Client Credentials Flow
- Client Authentication Methods: Mutual TLS (MTLS)
- Client Authentication Methods: JWT Client Assertion
- Client Authentication Methods: Secret
- MTLS Sender Constrained Tokens
Related resources
- Centralizing Identity Data
- Scopes, Claims and the Client
- Introduction to Scopes
- Introduction to Claims
- Using Claims in APIs
Course Outline
1
Session 1: Introduction to OAuth
2
Session 2: OAuth vs OpenID Connect
3
Session 3: Tokens and APIs
4
Session 4: Server to Server Communication with OAuth
5
Session 5: Design tokens for your APIs
6
Session 6: Dynamic Clients and Metadata
7
Session 7: OAuth for Mobile Applications
8