So you have a well functioning Identity Provider be it in the cloud or self managed and you're like "All's well that ends well".

Don't make that mistake.

OpenID Connect and OAuth2 are living specifications. They are constantly revised because new attacks are constantly invented.
In this demo rich session we're exploring the latest developments. Did you know that implicit flow is deprecated for example? And that a request to the authorize endpoints might leak all kinds of information that can easily be prevented? And that client authentication can be way more secure than using a simple password?

Please come and join me and I'm certain you'll implement at least one of my tips as soon you're back at the office.