Maintenance

Site is under maintenance — quizzes are still available.

Go to quizzes
Sponsored Reserved space — layout preview until AdSense is connected
DevOps & backends · Integrations

OAuth 2 · OpenID Connect

AuthZ/code flows in plain language, token stewardship, SPA/API choreography — including Entra pointers.

Start tutorial

Sponsored

Sponsored Reserved space — layout preview until AdSense is connected

Lesson outline

  1. 1
    OAuth 2.0: Why It Exists and What Problem It Solves

    OAuth 2.0 replaces password sharing with short‑lived, scoped tokens, giving users secure, fine‑grained access to web services.

  2. 2
    OAuth 2.0 Roles Explained: A Clear Guide for Developers

    Learn the four core OAuth 2.0 roles—resource owner, client, authorization server, and resource server—and see how they enable secure token exchange in a real‑world sign‑in flow.

  3. 3
    OAuth 2.0 Authorization Code Flow: Step‑by‑Step Python Tutorial

    A step‑by‑step guide to implementing the OAuth 2.0 Authorization Code Flow in Python, covering registration, building the auth URL, state verification, token exchange, and API usage with a Flask example.

  4. 4
    OAuth 2.0 Access Tokens and Refresh Tokens – Practical Tutorial

    This tutorial explains OAuth 2.0 access and refresh tokens, shows how to obtain and automatically renew them in Python, and outlines security best practices for protecting user data.

  5. 5
    OAuth 2.0 Client Credentials Flow – Secure Machine‑to‑Machine Authentication with Python

    Learn how to implement OAuth 2.0 Client Credentials flow in Python for secure machine‑to‑machine authentication. Includes full code examples, token caching, and best‑practice guidance.

  6. 6
    OAuth 2.0 Implicit Flow Is Deprecated – Switch to Authorization Code

    The OAuth 2.0 Implicit Flow is deprecated because it exposes tokens in URLs and lacks robust revocation. Use the Authorization Code Flow with PKCE for secure, production‑ready authentication.

  7. 7
    OpenID Connect Explained: How It Extends OAuth 2.0 for Authentication

    OpenID Connect adds a standardized authentication layer on top of OAuth 2.0, using ID tokens and the openid scope to verify user identity securely.

  8. 8
    ID Token vs JWT: Decode, Validate & Read Claims

    Explore the structure of ID tokens and JWTs in OpenID Connect, learn to decode and validate them, and extract user claims for secure authentication.

  9. 9
    Understanding OAuth 2.0 Scopes and OpenID Connect Claims in a Practical Tutorial

    This tutorial shows how to define OAuth 2.0 scopes, obtain tokens, and read OpenID Connect claims using ID tokens or the UserInfo endpoint.

  10. 10
    PKCE: Securing OAuth Public Clients in Python

    Learn what PKCE is, why it matters for public OAuth clients, and see a Python implementation that secures the authorization code flow.

  11. 11
    OAuth Token Storage Security: Best Practices for Web & Mobile Apps

    Securely handling OAuth access and refresh tokens is essential for protecting user data in web and mobile applications. Follow best‑practice storage methods to reduce token theft risk.

  12. 12
    OAuth 2.0 PKCE Flow: Secure Token Exchange for SPAs and Mobile Apps

    This article explains the PKCE flow for OAuth 2.0 in single page apps and mobile apps, showing JavaScript and Python code to obtain secure tokens.

  13. 13
    Python OAuth2 Azure AD Integration – Complete Guide

    This tutorial walks you through registering an Azure AD app, using MSAL in a Flask project, and securely obtaining tokens to call Microsoft Graph.