Web Sign In
Authentication for web applications using OpenID Connect.
Jump to Section
Jump to a section in the video for explanation on a specific topic.
- Confidential clients - definition
- The grant used for web sign in: implicit with form_post
- Web sign in - detailed walkthrough and diagram
- Request protected route on web app
- Authorization request
- Client ID
- Response_type
- Response_mode
- Redirect_uri
- Scope
- Nonce
- Default response_mode per response_type
- Authorization request (continued)
- Authorization response
- Token validation and web app session creation
- Anatomy of an ID token
- Principles of token validation
- Subject confirmation
- Validating tokens according to format
- Signature checks
- "Infrastructural" claims (issuer, audience, expiration)
- Validating tokens via introspection
- Attention points with introspection
- Metadata and discovery
Up Next
- Calling an API (53:12): How to obtain and use access and refresh tokens for delegated authorization in a traditional web application.
- Desktop and Mobile Apps (41:01): Authentication and delegated authorization for desktop and mobile applications and a public client overview.
- Single Page Apps (37:29): Authentication and delegated authorization for single page applications.
Previous
- Introduction to Identity (48:54): A whirlwind tour of identity history, concepts, and terminology: protocols, open standards, SSO, OAuth2, OpenID Connect and more.
- OpenID Connect and OAuth2 (14:58): OpenID Connect and OAuth specifications, roles, and grants.