
    Cloud native training

    OIDC and OAuth2 - Securing APIs and Web Applications

    Secure your APIs and Web application with modern, industry standard frameworks.


    The role of security in software cannot be emphasized enough. However, implementing security properly can often be difficult. In this course we will show you how to implement authentication and authorization using the industry standard frameworks OpenID Connect (OIDC) and OAuth2. You will also learn the inner workings of these technologies, so that you will be able to digest and debug authentication and authorization issues.


    • Basic Kubernetes understanding, e.g. similar to the Kubernetes Fundamentals training
    • Basic understanding of Web applications and HTTP is recommended but not required
    • Basic JavaScript knowledge is recommended but not required

    After completing this course, you will be able to:

    • Understand how OIDC and OAuth2 work together to secure APIs and Web applications
    • Know where OIDC and OAuth2 leave it up to APIs and Web applications to add security
    • Digest OIDC authentication flows to debug and troubleshoot authentication and authorization problems
    • Understand JWT tokens, OIDC/OAuth2 scopes and claims
    • Add authentication and fine-grained authorization to APIs and Web applications using ‘your own code’ and through the ‘authorizing proxy’ pattern
    • Know how single-sign-on and social-login work with OIDC
    • Understand and protect your Web applications against the common CSRF attack
    • Protect single-page applications (SPAs) using the backend-for-frontend pattern


    One day


    Mix of theory and hands-on exercises


    Developers, architects, site reliability engineers (SRE)


    Empower your entire team with new skills

    Contact us to plan this training just for your team.