Session

Introduction to OpenID Connect and OAuth

OpenID Connect is the de-facto standard we should use for handling authentication and authorization in modern applications. However, it can still be very complex and confusing with all the various concepts, including scopes, claims, flows, resources, and tokens.

In this one-day workshop, you will learn:

* Authentication vs. authorization
* How OAuth 2.x and OpenID Connect work
* Fundamental concepts
* How a client authenticates against an authorization server
* How to retrieve and consume JWT tokens
* How OpenID Connect fits into your architecture
* How the tokens are secured and managed

This course includes many hands-on exercises that will help you understand how the protocol works under the hood.

The target audience is developers and architects who want to learn the fundamentals and how to protect applications using OAuth2 and OpenID Connect. This workshop focuses on the various standards and protocols, not on a specific implementation or programming language.

Prerequisites
It would be best if you had a good understanding of the following:

* The HTTP(s) protocol (including methods, headers, and cookies…)
* How the web works in general
* Some experience in developing backend web solutions

Agenda
In this course, we will cover the following:

* Introduction
* Token Service
* Implicit flow
* How does this flow work
* JWT tokens
* Claims and scopes
* Securing the token
* Authorization Code Flow
* Client Credentials flow
* Refresh tokens
* Proof Key for Code Exchange (PKCE)
* Backend for Frontend (BFF)
* OAuth 2.1
* And much more…

To facilitate hands-on learning, I provide a cloud-based exercise environment using Azure Cloud VMs. This setup allows participants to connect via remote desktop without needing to install anything locally, making it accessible to anyone with a remote desktop connection.

I will also provide all the exercises in paper form, because having the exercises in digital form will make the workshop experience worse.

Tore Nestenius

Freelance consultant and trainer

Helsingborg, Sweden
