OAuth 2.0: Protect Web Applications using Spring Security

Price
1,755 USD
3 Days
PP-ASOA-100
Classroom Training, Online Training
Other


Course Description

Overview

OAuth 2.0 is a standard protocol for authorization that focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This course also provides useful recipes for solving real-life problems using Spring Security and creating Android applications. The course starts by showing you how to interact with some public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. You will also be able to implement your own OAuth 2.0 provider with Spring Security OAuth2. Next, the course covers practical scenarios for some important OAuth 2.0 profiles, such as Dynamic Client Registration and Token Introspection, and how to revoke issued access tokens. You will then be introduced to the usage of JWT, OpenID Connect, and how to safely implement native mobile OAuth 2.0 clients. By the end of this course, you will be able to ensure that both the server and client are protected against common vulnerabilities.

Key benefits of the course:
  • Interact with public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google
  • Use Spring Security and Spring Security OAuth2 to implement your own OAuth 2.0 provider
  • Learn how to implement OAuth 2.0 native mobile clients for Android applications

Objectives

  • Use Redis and relational databases to store issued access tokens and refresh tokens
  • Access resources protected by the OAuth2 Provider using Spring Security
  • Implement a web application that dynamically registers itself to the Authorization Server
  • Improve the safety of your mobile client using dynamic client registration
  • Protect your Android client with Proof Key for Code Exchange
  • Protect the Authorization Server from invalid redirection

Audience


 

Prerequisites

    • Use Redis and relational databases to store issued access tokens and refresh tokens
    • Access resources protected by the OAuth2 Provider using Spring Security
    • Implement a web application that dynamically registers itself to the Authorization Server
    • Improve the safety of your mobile client using dynamic client registration
    • Protect your Android client with Proof Key for Code Exchange
    • Protect the Authorization Server from invalid redirection

Topics

  • OAuth 2.0 Foundations
    • Preparing the environment
    • Reading the user's contacts from Facebook on the client side
    • Reading the user's contacts from Facebook on the server side
    • Accessing OAuth 2.0 LinkedIn protected resources
    • Accessing OAuth 2.0 Google protected resources bound to the user's session
  • Implementing Your Own OAuth 2.0 Provider
    • Protecting resources using the Authorization Code grant type
    • Supporting the Implicit grant type
    • Using the Resource Owner Password Credentials grant type as an approach for OAuth 2.0 migration
    • Configuring the Client Credentials grant type
    • Adding support for refresh tokens
    • Using a relational database to store tokens and client details
    • Using Redis as a token store
    • Implementing client registration
    • Breaking the OAuth 2.0 Provider in the middle
    • Using Gatling to load test the token validation process using shared databases
  • Using OAuth 2.0 Protected APIs
    • Creating an OAuth 2.0 client using the Authorization Code grant type
    • Creating an OAuth 2.0 client using the Implicit grant type
    • Creating an OAuth 2.0 client using the Resource Owner Password Credentials grant type
    • Creating an OAuth 2.0 client using the Client Credentials grant type
    • Managing refresh tokens on the client side
    • Accessing an OAuth 2.0 protected API with RestTemplate
  • OAuth 2.0 Profiles
    • Revoking issued tokens
    • Remote validation using token introspection
    • Improving performance using cache for remote validation
    • Using Gatling to load test remote token validation
    • Dynamic client registration
  • Self Contained Tokens with JWT
    • Generating access tokens as JWT
    • Validating JWT tokens at the Resource Server side
    • Adding custom claims on JWT
    • Asymmetric signing of a JWT token
    • Validating asymmetric signed JWT token
    • Using JWE to cryptographically protect JWT tokens
    • Using JWE at the Resource Server side
    • Using proof-of-possession key semantics on OAuth 2.0 Provider
    • Using proof-of-possession key on the client side
  • OpenID Connect for Authentication
    • Authenticating Google's users through Google OpenID Connect
    • Obtaining user information from Identity Provider
    • Using Facebook to authenticate users
    • Using Google OpenID Connect with Spring Security 5
    • Using Microsoft and Google OpenID providers together with Spring Security 5
  • Implementing Mobile Clients
    • Preparing an Android development environment
    • Creating an Android OAuth 2.0 client using an Authorization Code with the system browser
    • Creating an Android OAuth 2.0 client using the Implicit grant type with the system browser
    • Creating an Android OAuth 2.0 client using the embedded browser
    • Using the Password grant type for client apps provided by the OAuth 2 server
    • Protecting an Android client with PKCE
    • Using dynamic client registration with mobile applications
  • Avoiding Common Vulnerabilities
    • Validating the Resource Server audience
    • Protecting Resource Server with scope validation
    • Binding scopes with user roles to protect user's resources
    • Protecting the client against Authorization Code injection
    • Protecting the Authorization Server from invalid redirection