Web API Security | Basic Auth, OAuth, OpenID Connect, Scopes & Refresh Tokens

Video description: Web API Security | Basic Auth, OAuth, OpenID Connect, Scopes & Refresh Tokens

There is a lot that goes into securing a Web API. In this video, I discuss why the industry decided to move on from Basic Authentication and why OAuth 2.0 took over as the new standard for securing Web APIs.

This video also covers how OpenID Connect works together with OAuth to solve both Authentication and Authorization.

Scopes, and deciding how to use them in OAuth, are tricky; I also cover some tips for making those decisions. Finally, I talk about refresh tokens and how they help deal with token expiry.

#WebAPIDesign #OAuth #OpenIDConnect

Web API Design Series - Episode 1 - REST vs RPC vs GraphQL API - How do I...
Web API Design Series - Episode 2 - Webhooks vs Websockets vs HTTP Stream...

Timecodes
0:00 - Intro
2:06 - Basic Authentication
5:05 - OAuth
10:16 - OpenID Connect
11:23 - Scopes
13:55 - Refresh Tokens
