Course Description

Modern web applications are often backed by an API. These APIs depend on OAuth 2.0 to implement access control. Since OAuth 2.0 is a delegation framework, implementing access control is not as simple as it seems. In this course, we look at the architecture of a back-end application using OAuth 2.0, and investigate the security properties of various kinds of access tokens. We also look at the importance of token introspection, and how to use that data to make access control decisions.