HomeCoursesWeb Security and Access Management: JWT, OAuth2 & OpenId Connect

Intermediate

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

Gain insights into JWT, OAuth2, and OpenID Connect. Learn about HTTPS, encryption, and handshake techniques, and explore foundational concepts in web API security for enhanced application protection.

Join 2.7 million developers at

Overview

Content

Reviews

Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental part of any web application considering the rise in the number of cyber-attacks. This course will be your handy guide to the basic terminologies and frameworks related to web application security. In this course, you will learn what JWT is, how a JWT is created, and what benefits it provides in token-based authentication. You will learn about why HTTPS was introduced and how it revolutionized the way data is transferred using techniques like encryption and handshake. You will also dive deep into the most commonly used authentication and authorization frameworks called OAuth and OpenId Connect. This course will give you a taste of what web API security is all about and will give you the foundation so you can further your learning of application security.

Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental p...Show More

Content

28 Lessons4 Quizzes

Getting started with Web Application Security

4 Lessons

Get familiar with fundamental web application security threats and essential mitigation techniques.

Introduction

Cross-site Scripting Attack (XSS)

Cross-site Request Forgery (CSRF)

Denial-of-Service Attack

HTTPS Basics

4 Lessons

Unpack the core of encryption, SSL certificates, HTTPS, and the functionality and concerns of cookies.

What is Encryption?

Understanding SSL certificates

What is HTTPS, and How Does it Work?

What are Cookies?

JSON Web Token

7 Lessons

Examine the use of JSON Web Tokens (JWT) for secure authentication, validation, and key management.

Session-based Authentication

Token Based Authentication

JWT - JSON Web Token

JWT Validation

Stolen JWTs

Cryptographic Key Management

Hacking JSON Web Tokens

OAuth

7 Lessons

Grasp the fundamentals of OAuth’s authorization framework, terminologies, and various grant types.

OAuth Introduction

OAuth Terminologies

Authorization Code Grant Type

Implicit Grant Type

Client Credentials Grant Type

Resource Owner Credentials Grant

Refresh Token Grant

OpenID Connect

5 Lessons

Take a look at OpenID Connect's authentication, flow types, and core terminologies.

OpenID Connect Introduction

OpenId Connect Terminologies

Authorization Code Flow for Authentication

Implicit Code Flow for Authentication

Hybrid Code Flow for Authentication

Conclusion

1 Lessons

Express gratitude and invite feedback to enhance engagement and learning experience.

Certificate of Completion

Showcase your accomplishment by sharing your certificate of completion.

Course Author:

Saurav Aggarwal

Developed by MAANG Engineers

Every Educative resource is designed by our team of ex-MAANG software engineers and PhD computer science educators — subject matter experts who’ve shipped production code at scale and taught the theory behind it. The goal is to get you hands-on with the skills you need to stay ahead in today's constantly evolving tech landscape. No videos, no fluff — just interactive, project-based learning with personalized feedback that adapts to your goals and experience.

Trusted by 2.7 million developers working at companies

"These are high-quality courses. Trust me. I own around 10 and the price is worth it for the content quality. EducativeInc came at the right time in my career. I'm understanding topics better than with any book or online video tutorial I've done. Truly made for developers. Thanks"

Anthony Walker

@_webarchitect_

"Just finished my first full #ML course: Machine learning for Software Engineers from Educative, Inc. ... Highly recommend!"

Evan Dunbar

ML Engineer

"You guys are the gold standard of crash-courses... Narrow enough that it doesn't need years of study or a full blown book to get the gist, but broad enough that an afternoon of Googling doesn't cut it."

Software Developer

Carlos Matias La Borde

"I spend my days and nights on Educative. It is indispensable. It is such a unique and reader-friendly site"

Souvik Kundu

Front-end Developer

"Your courses are simply awesome, the depth they go into and the breadth of coverage is so good that I don't have to refer to 10 different websites looking for interview topics and content."

Vinay Krishnaiah

Software Developer

Hands-on Learning Powered by AI

See how Educative uses AI to make your learning more immersive than ever before.

Personalized Interview Prep

Skip the LeetCode grind with a custom roadmap that adapts to your goals. Hands-on practice for Coding Interviews, System Design, and more.

Mock Interviews

Test your skills in a simulated interview setting. Receive personalized feedback based on your performance. Available for Coding Interviews, System Design, and more.

AI Prompt

Build prompt engineering skills. Practice implementing AI-informed solutions.

Code Feedback

Evaluate and debug your code with the click of a button. Get real-time feedback on test cases, including time and space complexity of your solutions.

Explain with AI

Select any text within any Educative course, and get an instant explanation — without ever leaving your browser.

AI Code Mentor

AI Code Mentor helps you quickly identify errors in your code, learn from your mistakes, and nudge you in the right direction — just like a 1:1 tutor!

Course

Password Security: How not to Store Passwords

1 h

intermediate

Course

A Hands-on Guide to Angular

Discover Angular's core concepts and advance to building a complete SPA. Gain hands-on experience by creating modules, components, forms, routing, and APIs in an e-commerce app.

16 h

intermediate

Course

Django: Python Web Development Unleashed

Gain insights into Django, a Python framework for rapid web development. Discover hands-on learning with interactive widgets and build a portfolio-worthy Django project.

12 h

intermediate

Course

CSS Theming for Professionals

Gain insights into practical CSS theming methods, delve into problem-solving, and discover the css-theming package to create highly customizable, dark mode-friendly apps in this course.

3 h

intermediate

Course

Building Full-Stack Web Applications with AdonisJs

Gain insights into AdonisJs fundamentals. Delve into routes, controllers, middleware, and hooks. Discover practical examples, illustrations, and quizzes to confidently build your full-stack applications.

intermediate

Course

Angular: Designing and Architecting Web Applications

Gain insights into designing scalable Angular applications. Learn about components, directives, routing, RXJS, forms, and Firebase authentication to develop rich, interactive web solutions.

20 h

beginner

Course

Beginning Flutter: Android Mobile App Development

Delve into Flutter's UI framework to build high-quality Android apps, from creating contact profiles to enhancing them with themes and API integration, culminating in app publication.

10 h

beginner

Course

Software Architecture in Applications

Delve into software architecture, exploring key principles, patterns, and quality attributes. Gain insights with case studies and projects, enhancing your practical skills in system design and optimization.

12 h

beginner

Course

Password Security: How not to Store Passwords

intermediate

1 hour

Course

A Hands-on Guide to Angular

intermediate

16 hour

Course

Django: Python Web Development Unleashed