OAuth 2.0 & SAML Masterclass

The definitive guide to modern authentication and authorization. Master delegated authority with OAuth 2.0, OpenID Connect (OIDC), and the Enterprise SAML 2.0 standard.

OAuth 2.0 & SAML Masterclass

The definitive guide to modern authentication and authorization. Master delegated authority with OAuth 2.0, OpenID Connect (OIDC), and the Enterprise SAML 2.0 standard.

OAuth 2.0 & SAML Masterclass

Module 1: Auth Landscape

Delegation vs. Identity

Conceptual Foundation

The Delegation Problem

Imagine you want a printing service to access your photos on Google Drive. In the old days, you'd give them your password. That's a security nightmare.

Master Tip:

"Avoid sharing Master Credentials."

The LOGIC

OAuth 2.0 & SAML Masterclass

Duration: TBD

Lessons: 6

(0.0)

The definitive guide to modern authentication and authorization. Master delegated authority with OAuth 2.0, OpenID Connect (OIDC), and the Enterprise SAML 2.0 standard.

Curriculum

The Auth Landscape & Delegation

The Password Sharing Problem
Delegated Access vs Login
SAML vs OAuth: When to use which

OAuth 2.0 Core Flows

Authorization Code Flow (+ PKCE)
Client Credentials Flow (M2M)
Implicit & Password Flows (Legacy)

JWT & OpenID Connect (OIDC)

Anatomy of a JWT (Header, Payload, Signature)
ID Tokens vs Access Tokens
Standard OIDC Scopes & Claims

SAML 2.0: Enterprise Auth

Service Provider (SP) vs Identity Provider (IdP)
SAML Assertions & Metadata
Single Sign-On (SSO) Workflows

Practical Implementation Lab

Implementing an Auth Client in React
Building a Token Validator in Node.js
Integrating Google & GitHub OAuth

Security & Threat Mitigation

CSRF Protection with State
Secure Token Storage (Memory vs Cookies)
Token Revocation & Rotation