OAuth 2.0: Nailed the core framework with hands dirty.

KeyCloak, Golang, React + Router + Bootstrap, Github’s OAuth. OAuth 2.0 RFCs

4.60 (126 reviews)

Udemy

platform

English

language

Network & Security

What you will learn

Create a personal OAuth 2.0 playground in a virtual machine.

The fundamentals of the OAuth 2.0 framework.

Develop projects from scratch and secure them with OAuth 2.0

Attack your own projects

Apply some best practices like PKCE.

A touch on OpenID Connect.

Integrate our projects with Github’s OAuth application.

Why take this course?

In this course, we will start learning Oauth2 by using a production-ready Authorization Server such as Keycloak at the beginning. That sounds reasonable, but why do we do that?

By using a correct implementation authorization server at the beginning, it prevents us from going in the wrong way by ensuring that the authorization server complies with the Oauth 2.0 specification correctly. Besides, we can peacefully focus on how a client communicates with the authorization server in various different flows that are available and waiting for us to learn them and understand them. At the end of the day, it is less likely that one will use the Authorization server written from scratch for their production. And more importantly, we are focusing on fundamentals as our first priority. We wanted to divide the huge concept apart and conquer each small enough pieces that can be easily comprehended from the ground up.

Hence we offload what we haven’t focused yet to another piece of software we believe it implements correctly. Once we understand ins and outs all relevant theories, then our implementation will hardly go wrong if we really wanted to implement an Authentication server ourselves, In addition, the Authorization server is unarguably a complex system. So again, we won’t implement an authorization server in this course.

After we develop the OAuth 2.0 client and protected-resource. The protected resource will be a simple service that exposes APIs. Then we protected them with the Oauth2 framework. And with all solid understanding of the fundamental of how an authorization server behaves, plus the familiarity with RFC6749. Then we can at least implement a simple authorization server with joy.

Let’s imagine that, if this course was designed completely opposite direction, that is to guide you to start building the Authorization server at the beginning, it will draw a lot of energy from us. It will keep us juggling all OAuth's roles at once, and possibly take time to correct any mistakes that may occur from misunderstanding the concept and hence it could possibly take longer to achieve that same goal. That is why this course is carefully designed to deeply understand the Oauth 2.0 framework.

For more information and more specialty, please find my blog under my profile picture.

Reviews

Konstantin

July 26, 2023

Where is no resources or link to the source code for lessons. You should every time make pause to cope the code, some times it's not working and you can't compare it with some reference so you should rewatch all the lesson to find all code changes. The teacher do it really fast and you have no enough time to press Pause button to copy the code so you will press "Go back 5 second ago" button million times during the course.

Sean

April 12, 2022

This was an excellent course, and did a great job of making a "dry" topic very interesting and fun. I came in with some basic ideas on OAuth2 already, but the course clarified a lot and I am a lot more confident with this knowledge now. The instructor has structured the course very well and takes a really hands-on approach: from setting up the Keycloak server to creating and adding clients which interact with different parts of OAuth and OIDC. It's all really well taught, covers a lot of ground and there are lots of relevant references and examples for when you want to go deeper. I went in aware that the English may not be clear but I didn't find it difficult to understand at all. To be honest I watched most of the course at 1.75x without issue. Aside from that there are excellent subtitles/captions available on every video too so it shouldn't be an issue. Thank you Charnnarong!

Patanayont

March 9, 2022

เนื้อหาโดยรวมน่าสนใจและได้ประโยชน์ความรู้ตรงตามที่คาดหวังไว้ครับ เรื่อง accent เนื่องจากเป็นคนไทยก็เลยฟังพอเข้าใจอยู่ มี sub น่าจะช่วยคนต่างชาติได้เยอะ แต่จะขอ comment ในเรื่องตอน workshop code เพราะ ในคลิป จะเลื่อนไปเลื่อนมาตลอด เปลี่ยนหน้าไปมา บางช่วงก็จะเร่งเร็ว ก้มหน้าแปปนึงหันกลับมาอีกที ไม่รู้ไปใหนแล้ว เวลาทำตาม เลยต้องย้อนไปย้อนมาหลายรอบครับ

Griep

October 26, 2021

Totally helped my to implement my oauth2 application with full understanding whats going on. I was also able to transfer this knowledge to .net core and vuejs. Thanks and well done.

Thiago

December 3, 2020

There is no didactics, the instructor has no skills to teach, and the English pronunciation is terrible.

Volker

November 21, 2020

Super course. It really goes deep and teaches me the stuff I want to know. It also sets up a perfect playground for taking this further and experimenting myself. This is no course for just watching - you have to actively follow along. But this is definitely worth the effort.

Saad

September 6, 2020

First of all, a big thank you to Charnnarong for making this fantastic course... I've been looking for a similar course on Keycloak for a long time but to no avail, until recently ;) The course is definitely aimed towards experienced developers (basic working knowledge of web development is assumed) but is structured and explained in such a way, that even a Golang noob as myself is able to follow along (I am actually looking into rewriting the backend in Clojure...) I am learning OAuth2, Keycloak, Golang and more, all in one package! Amazing stuff! Keep up the good work and many thanks for sharing your knowledge! PS: For those worrying about the lecturers accent, you can always turn the captions on. This stuff is golden and you don't want to miss out!!!

Vincent

July 13, 2020

The hands-on part is super! And the switching back-and-forth between custom code and Postman gives an extra perspective in understanding the protocol. It is so much clearer than many other courses which often rely on PowerPoint slides to regurgitate the RFC specification. Tip: As a student, turn on the caption/subtitle of the video if you cannot make out the exact spoken words in the audio.

Filip

June 21, 2020

I had some basic idea about OpenID and Oauth. I had some prior experience with implementing authentication clients against Keycloak, but it was all pretty much frantic googling and all the nuances were kind of hidden from me. That's why I bought this course. All in all I am satisfied. I feel I understand it much better now. It was easy for me to follow, since I had SOME prior experience and I cloud even skip / fast forward some sections. I knew about the heavy accent from reviews so I it couldn't be a disappointment for me. Subtitles were done nicely, so it was not such a great issue.

Eden

June 5, 2020

The pace is great as I feel like I'm really absorbing what is being taught, and I like how the instructor goes in to detail about the tool he's using i.e. Vagrant or go (even though he'll stop and say that he's rambling on too much, I like the extra detail).

Yabin

June 3, 2020

the topics and examples are very well explained, definitely this is not a course for beginners. If you really want to learn security this a very good course to crash in real world situations.

Gerald

June 2, 2020

Great course for OAuth2.0. The instructor has a very good technical knowledge. You can always expect that he will answer all your questions in Q&A section.

Nikolas

April 26, 2020

I think the tutor has good technical knowledge but his accent and pronounciation skills is not as what I expected.

Vivek

March 18, 2020

This guy should learn how to speak English first! It is so difficult to understand him. I m going to get a refund now.

Joris

January 19, 2020

The content is very great and it really helps me to understand the concepts of oauth. However I am not a native english speaker and his english accent is very hard to understand for me. I am now using the closed captioning and I am able to follow much better. Thank you very much!

Charts

Price

Rating

Enrollment distribution

OAuth 2.0: Nailed the core framework with hands dirty. - Distribution chart