SecAppDev 2020 Lecture Details

A practical introduction to OIDC (and OAuth 2.0)

Dominick Baier
Wednesday March 11, 11:00 - 12:30
Short description

OIDC and OAuth 2.0 have become the de facto standard to implement authentication and authorization in modern applications. This session introduces their features, such as authentication, sessions, and protocol flows.

Abstract

OpenID Connect (OIDC) is a modern authentication protocol designed to solve the authentication needs of web and native/mobile applications. For these scenarios it functionally supersedes earlier protocols such as SAML, WS-Federation, and Kerberos. Technically, OIDC is an identity layer built on top of OAuth 2.0: a single interaction with the provider yields both an identity token that authenticates the user and an access token that controls access to APIs. These features make it very attractive for modern security architectures. This session introduces the basics of OIDC: authentication, session management, and the protocol flows.
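As an added illustration of the "single interaction" the abstract refers to (this is example code written for this page, not material from the lecture or from IdentityServer), the following Python runs a minimal OIDC authorization-code flow with PKCE with both sides in-process: the client sends an authorize request carrying state, nonce and a PKCE challenge, the provider issues a single-use code, the client redeems it for an ID token and an access token, validates the ID token's iss/aud/exp/nonce and signature, and then presents the access token to a toy resource server. The issuer URL, client_id, redirect URI, scope names and the HS256 shared secret are assumptions made so the example runs offline; a real provider signs ID tokens with an asymmetric key (RS256/ES256) published through its JWKS endpoint, and the browser redirects here are replaced by direct function calls.

```python
"""Toy OpenID Connect code flow + PKCE: provider, client and API in one process.
Assumptions: HS256 with a shared secret (real providers use RS256/ES256 + JWKS),
constructed issuer/client identifiers, and function calls instead of redirects.
"""
import base64, hashlib, hmac, json, secrets, time

ISSUER = "https://idp.example"          # assumed issuer URL
CLIENT_ID = "spa-client"                # assumed client_id
REDIRECT_URI = "https://app.example/cb" # assumed registered redirect URI
API_AUDIENCE = "api"                    # assumed audience of the access token
SIGNING_KEY = b"demo-shared-secret"     # assumption: HS256, not a real RSA/EC key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode()).digest())

def jwt_sign(claims: dict) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def jwt_verify(token: str) -> dict:
    """Return the claims if alg and signature check out, else raise."""
    header, payload, sig = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload))

class AuthorizationServer:
    """Toy OpenID Provider: authorize() issues a code, token() redeems it."""
    def __init__(self):
        self.codes = {}  # code -> data bound to it at issuance

    def authorize(self, client_id, redirect_uri, scope, state, nonce, code_challenge, user="alice"):
        # A real provider authenticates the user here (session cookie, password, MFA ...)
        if client_id != CLIENT_ID or redirect_uri != REDIRECT_URI:
            raise PermissionError("unknown client or redirect_uri")
        code = secrets.token_urlsafe(32)
        self.codes[code] = dict(user=user, nonce=nonce, scope=scope,
                                redirect_uri=redirect_uri, challenge=code_challenge)
        return {"code": code, "state": state}  # what the callback redirect would carry

    def token(self, code, code_verifier, redirect_uri, client_id):
        data = self.codes.pop(code, None)  # codes are single-use: a replay finds nothing
        if data is None or data["redirect_uri"] != redirect_uri or client_id != CLIENT_ID:
            raise PermissionError("invalid_grant")
        if pkce_challenge(code_verifier) != data["challenge"]:  # PKCE binds code to client
            raise PermissionError("invalid_grant (pkce)")
        now = int(time.time())
        id_token = jwt_sign({"iss": ISSUER, "sub": data["user"], "aud": CLIENT_ID,
                             "iat": now, "exp": now + 300, "nonce": data["nonce"]})
        access_token = jwt_sign({"iss": ISSUER, "sub": data["user"], "aud": API_AUDIENCE,
                                 "scope": data["scope"], "iat": now, "exp": now + 3600})
        return {"id_token": id_token, "access_token": access_token, "token_type": "Bearer"}

class Client:
    """Toy relying party; a public client, so PKCE replaces a client secret."""
    def login(self, op: AuthorizationServer, user="alice") -> dict:
        state, nonce, verifier = (secrets.token_urlsafe(n) for n in (16, 16, 48))
        resp = op.authorize(CLIENT_ID, REDIRECT_URI, "openid api", state, nonce,
                            pkce_challenge(verifier), user)
        if resp["state"] != state:  # CSRF protection on the callback
            raise PermissionError("state mismatch")
        tokens = op.token(resp["code"], verifier, REDIRECT_URI, CLIENT_ID)
        claims = jwt_verify(tokens["id_token"])  # the authentication result
        if claims["iss"] != ISSUER or claims["aud"] != CLIENT_ID:
            raise PermissionError("id_token not issued for this client")
        if claims["exp"] <= int(time.time()):
            raise PermissionError("id_token expired")
        if claims["nonce"] != nonce:  # ties the token to this login attempt
            raise PermissionError("nonce mismatch (replay)")
        return {"user": claims["sub"], "access_token": tokens["access_token"]}

def api_call(access_token: str, required_scope: str = "api") -> str:
    """Toy resource server: validates the bearer token, then answers."""
    claims = jwt_verify(access_token)
    if claims["aud"] != API_AUDIENCE or required_scope not in claims["scope"].split():
        raise PermissionError("insufficient_scope")
    return f"hello {claims['sub']}"

def demo() -> str:
    op, rp = AuthorizationServer(), Client()
    session = rp.login(op)              # authentication (ID token) ...
    return api_call(session["access_token"])  # ... and API access, same interaction

if __name__ == "__main__":
    print(demo())  # hello alice
```

The two checks worth noting are the ones attackers target most: the nonce comparison, which rejects an ID token minted for a different login attempt, and the PKCE verifier check plus single-use code, which stop an intercepted authorization code from being redeemed by anyone but the client that started the flow.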

Key takeaway

The purpose and role of OIDC and OAuth 2.0 for securing modern applications

Content level

Introductory

Target audience

Anyone planning to build, design or secure API-based applications

Prerequisites

None


Dominick Baier


Independent consultant

Dominick Baier is an independent consultant specializing in identity & access control. He helps companies around the world design and implement authentication and authorization for their distributed web and native applications. He is the co-author of IdentityServer, the de facto standard library for building OpenID Connect & OAuth 2.0 servers on the .NET Framework. He also co-founded PolicyServer, has written a couple of books, and regularly blogs on OAuth 2.0 and OIDC.



Related identity and access management sessions

OAuth 2.0 Security Reinforced

Lecture by Dr. Torsten Lodderstedt

OAuth 2.0 has become the standard for API authorization. Practical experience and security research have shown a need for updated security guidelines that will be presented in this session.

Identity and access management Wednesday March 11, 16:00 - 17:30

Advanced OAuth for security-sensitive applications

Lecture by Dr. Torsten Lodderstedt

OAuth has become the standard for API authorization because of its simplicity and versatility. This talk will present battle-proven patterns and OAuth extensions that should be used when building security-sensitive applications.

Identity and access management Thursday March 12, 14:00 - 15:30

OIDC and OAuth 2.0 – Tips from the trenches

Lecture by Dominick Baier

Building an API-based system with OIDC and OAuth 2.0 raises quite a few questions. In this session, we answer these questions using common patterns and anti-patterns derived from real-world scenarios.

Identity and access management Thursday March 12, 11:00 - 12:30

Making smart choices from the authentication cookbook

Lecture by Philippe De Ryck

Modern applications need to authenticate users and services in various scenarios. This session focuses on helping architects and developers understand the different authentication mechanisms and their purpose.

Identity and access management Tuesday March 10, 11:00 - 12:30

Modern access control policies

Lecture by Jim Manico

TBD

Identity and access management Wednesday March 11, 09:00 - 10:30