OpenID Connect in Detail
In this 4-part online course you will get a comprehensive understanding of OpenID Connect. You will learn about important aspects of OpenID Connect, such as what ID tokens are and how to validate them, how to manage sessions properly, and the different ways of enabling stronger authentication methods.
Register to receive each new lesson directly to your inbox and watch from the comfort of your chair, at a time that suits you.
Each session is approximately 30 minutes long.
Session 1: Overview of OpenID Connect
The first session of the four-part course highlights the differences between the OpenID Connect and OAuth specifications. You’ll learn about the new flows introduced in OpenID Connect and some new concepts, such as the metadata endpoint and the nonce parameter.
- Difference from OAuth
- Metadata of the OpenID Connect Provider
- Additional flows: Implicit flow
- Additional flows: Hybrid flow
- The nonce parameter
- Response modes
Session 2: ID Tokens and UserInfo Endpoint
In the second part, we will dive deep into claims and ID tokens. You will learn about the standard claims introduced in OpenID Connect and their relation to scopes and to the UserInfo endpoint. You’ll also learn how the JWKS endpoint is used in the ID token verification process.
- Standard Scopes and Claims
- What's in the ID Token
- The JWKS Endpoint
- What's in the UserInfo Endpoint
- Using the claims parameter to request claims
Session 3: Authentication with OpenID Connect
In part three we focus on authentication, specifically the techniques used in OpenID Connect to assess levels of authentication. We also show ways of increasing the level of security in OAuth and OpenID Connect flows through the use of signed request objects and validation of responses with the help of an ID token.
- Understanding ACRs and AMRs
- The Prompt parameter
- Request objects
- Validating the response using the ID Token
Session 4: OpenID Connect Logout and Session Handling
In the fourth and final session in the series we’ll explain the details of the OpenID Connect logout specifications. We will demonstrate how they can be used for single logout and for keeping sessions in sync across applications.
- OpenID Connect Logout: RP initiated
- OpenID Connect Logout: Front Channel Logout
- OpenID Connect Logout: Back Channel Logout
- Session Management: Session State