Gain insights into JWT, OAuth2, and OpenID Connect. Learn about HTTPS, encryption, and handshake techniques, and explore foundational concepts in web API security for enhanced application protection.

Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental part of any web application considering the rise in the number of cyber-attacks. This course will be your handy guide to the basic terminologies and frameworks related to web application security.

 In this course, you will learn what JWT is, how a JWT is created, and what benefits it provides in token-based authentication. You will learn about why HTTPS was introduced and how it revolutionized the way data is transferred using techniques like encryption and handshake. You will also dive deep into the most commonly used authentication and authorization frameworks called OAuth and OpenId Connect. This course will give you a taste of what web API security is all about and will give you the foundation so you can further your learning of application security.

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

As the name suggests, this flow is a mix of Authorization code flow and Implicit code flow.

In Authorization flow, we first get authorization token from `authorization endpoint` and then get the access token and identity token from the `token endpoint`. This takes some time as two server calls are needed.

In the implicit flow, we get the access token and identity token from the `authorization endpoint`. This is faster but is not secure.

In the hybrid flow, the client gets immediate access to the identity token from the `authorization endpoint` itself. The client also gets the authorization code from the `authorization endpoint`. Later, it fetches the access token from the token endpoint which can be used to get further user info.





This lesson discusses Hybrid code flow of the OpenID Connect.

Getting started with Web Application Security

HTTPS Basics

JSON Web Token

OAuth

OpenID Connect

Conclusion

Hybrid Code Flow for Authentication