OAuth has been around for more than 10 years now, and has become the standard protocol for token-based security. Like every popular technology that has been growing with new requirements, there are some things which work really well and some that did not quite stand the test of time. This talk looks at the essentials you should know about as if you are new to the OAuth ecosystem and were to enter it today. We will cover which protocol flows and extensions should you study, which "dialects" (like OpenID Connect) are important, and if you decide to dive deeper what would that "recommended reading" list look like.

You will learn:

• Explain the complicated history of OAuth
• Understand the workflows for API security
• Understand the workflows for user authentication