Authentication and Authorization with OAuth 2.0

Thank you for signing up for the course! We look forward to working with you and hearing your feedback in our forums.

Course Resources

Software to install

In order to follow along with the activities in lessons 2-4, you will need to install a virtual machine (VM) on your computer. This VM gives you an environment pre-installed with Python, Flask, SQLAlchemy, and all of the Python libraries necessary for this course. See here for installation instructions.

Course syllabus

Lesson 1: Authentication vs. Authorization

In lesson one you will learn the difference between the concepts of authentication and authorization and address some major security concerns that developers must protect against when developing a web application. You will learn how OAuth 2.0 makes implementing security easier for developers and users alike by allowing your users to sign in to your applications while keeping all of the security on well-known and trusted OAuth providers. Finally, you will see OAuth 2.0 in action as you make API requests using Google's OAuth 2.0 Playground.

Lesson 2: Creating a Google+ Sign-In

In lesson two you will learn about the different types of security flows your application can implement. You will see how security can be handled by your server, your user's browser, or both, depending on the type of security your application needs. You will then add a Google+ sign-in to an existing web application and implement a hybridized client/server flow.

Lesson 3: Creating a Local Permission System

In lesson three, you will add Python code to create server-side rules that will constitute a permission system. This system will limit each logged-in user's access to the database based on how the developer designs this code.

Lesson 4: Adding Facebook and Other OAuth Providers

In lesson four you will learn to implement multiple OAuth providers on your web application and then add Facebook login as an alternative sign-in option for your users.

Deploying your App

Check out this wiki to deploy your app to the web using Heroku.

Acknowledgments

A lot of people came together to make this course a reality.

Larry Madrigal - production lead, actor, audio engineer

Geoff Norman - lighting and editing

Kagure Kabue and Justine Lai - actors

Kim Dryden & Clark Downer - project managers

James Williams, Karl Kruger, Mike Wales - content brainstorming and script review

Eduardo Medina, Susan Smith, Philip Mallory, Jee Kang - reviewing and testing the course