OAuth 2.0 and OpenID Connect (in plain English)
Вставка
- Опубліковано 24 лис 2024
- Developer Advocate Nate Barbettini breaks down OpenID and OAuth 2.0 in Plain English. NOTE: This video is from 2018 and contains some information that is now out of date, mainly the content around the OAuth Implicit Flow.
Check out our video course! The Nuts and Bolts of OAuth 2.0 oauth2simplifi...
Learn more about OAuth at oauth.net
Get the book: OAuth 2.0 Simplified amzn.to/36HAGoS
Find Nate's slides here: speakerdeck.co...
Sign up for our newsletter! a0.to/zeroindex
5 Years old video and still so relevant and precise to date! Nothing beats this video in explaining OAuth and OIDC
You stole my words...
@@ciroformentonyou too
you too (1)@@watherby29
@@watherby29 you too
@@ABHISHEK0058you too
He not only knows his stuff, but he also knows how to teach it. That's a rare and high-profile combination.
It’s a hallmark of subject matter mastery. I believe it was Einstein that said, “…(paraphrased) if you can’t explain rocket science to a child, you don’t understand it well enough.”
This guy is an excellent teacher. Wow! I am very honored and grateful
@H Sharma well, he explained it to a room full of software developers, who, I assume, already have some experience in Web development, not to a room full of nursery kids.
@@swagatopablo that’s not really the audience. UA-cam viewers are the audience. And he took that into account when he was delivering his lecture.
@@hsharma3933
very well quoted (eyenstine 🙂 my spelling)
This lecture summarised everything I have spent 20 hours googling in one hour. Fantastc!
This comment means a lot as that is exactly the goal of this video. Thank you for your feedback.
Now seeing a 2 month of comment i can feel safe following this video as it seems to be still relevant.
Same
Wow!! You were able to understand everything in 20 hours of Googling? That's lightening speed for this topic IMO
RIP to those who missed this video thinking that its an hour video & went for 10 min videos.
Now I get it.
true dat. really really good video
Spent the last week trying to make sense of OAuth using 10 min videos... I wish I hunkered down and just watched this sooner.
I skipped this video before cause it long, came back through a reddit post and 18 mins into it. I understood the fundamentals
Finally.. someone has explained this in a way I can understand.. Thanks Nate for this presentation.
true that
Totally agree on that. I had been scratching my head over this OAuth and OpenID stuff.
Where can I find this presentation slides?
@@mukhtharak2043 Check description of the video
totally agreed!!
6 years on and Im just getting into this. This has been the clearest explanation by far. Thank you.
More than justifies it's title of "in plain English". Brilliant explanation. Sets the benchmark for how to explain things.
Thanks for your kind words!
I couldn't agree more, Thanks Nate
this is also important
or else
many of times
don't feel like watching because of english accent (take positively)
You know what they say, If you can't explain it simply, you don't know it.
This guys knows his stuff.
bravo!
not true for everyone.
@@debanjanbarman7212
u r also right
I'm a principal architect on a fortune 500 SaaS ERP implementation. My challenge is not only for myself to understand OAUTH 2.0, but also be able to explain this to stakeholders. This video does precisely this, incredible presentation. Thank you.
after ur comment a year ago.
i am in that spot of explaining to stakeholders.
🙂
Things that I really appreciated about this video
1. Introduced workflow without any or with minimal technical terms
2. Introduced the terminology and explained in simple terms
3. Went back to the workflow and incorporated the terminology with the workflow
4. Repeated questions from the audience so that those of us watching the video knew what the question was
What a great video!!! Nate did a great job of teaching this material!
I appreciate the kind words. Thanks for watching! I'm glad it was helpful!
May I add 5. not beeing stupid funny and translate the terminilogy in stupid analogy
Why can't university lectures be as interesting as talks like these. This is great, thank you.
Imagine this bright guy explaining this stuff to a room of immature 19 year olds. Not just once, but year, after year, after year. Its like keeping a killer whale in a basin, he ll die from boredom. Theres an old saying that goes; those who can, do, those who cant, teach. he can.
This is by far the best video to understand OAuth and OpenIDConnect.. Nate is an outstanding teacher!
One of the best session on youtube of oauth + openId.
One of the best 1 hour i have ever spent on this app. Extremely useful, easy to understand.
I just explicitly logged into youtube to like this video. Thanks so much for putting this talk together and demystifying this stuff.
Very few people have the ability to deliver complex information in an understandable and concise way. You have this ability, Nate. Thank you.
I was scratching my head when I used to hear the word OAuth. Now I clearly understood the OAuth basics. Thanks for explaining with this much of clarity.
I usually never comment, but this was an amazing talk. He not only explained how the protocols work, but also their history, the bad solutions that the companies tried before these protocols were created, and how OAuth and OIDC solved these problems and standardized authentication and authorization in the web. Love it!
Thanks for leaving this comment. It means a lot. We hope to see you around in our other content :)
I've lost count of how many confusing articles I've read online about this. Thanks for making it much easier
I came across this video as I wanted to learn OAuth and OpenID to answer 10 questions in a quiz. Trust me that after watching this video, I answered all of them correct. I had no clues how t even answer 1 singe question before watching this video. MAN..you are just awesome. Thanks a ton !
The title should be "Everything you ever wanted to know about OAuth".
Thanks much Nate... superbly explained.
I watched this video like 4-5 months ago and all the knowledge went by me. Got a job and there we so many problems regarding authentication/authorization and understanding how it works. I decided to watch this clip again and it all suddenly clicked. Incredible video. Thanks a lot.
This is the best video on Oauth 2 and OpenID Connect that I have found so far. Really helps get the concepts you need for search terms
I have seen/red multiple tutorials was never understood open id connect so well . Everybody explains oauth correctly but no one i came across has explained open id connect so well. Awesome job . Thank you !
now THIS: is how you do a presentation, clear, and build up the presented information as you teach it.
The one thing that is so small, but a sign of a fantastic presenter: 26:30 a guy asked a question, Nate repeated it back to summaries he understood it welll - and for us watching a recording - we could hear the question... So professional, impeccable presentation and clear content.
Thanks for the kind words. I'm glad the presentation has been useful for lots of folks!
I've seen a lot of explanations and didn't understand the concept.
FINALLY a very good expansion made me understand the concept . thank you!!
Honestly I implemented the both protocols before attending this video but really, such explanation should be included as a video in the protocols tutorials, nobody could eliminate the confusion in this way. Nate you're very amazing instructor.
Brilliant explanation. To anyone who is wondering why this video is so long, this video not only explains OpenID, but also the login flow, OAuth, and all the granularity while executing in code. After watching this, you will get a very solid understanding of how to implement login flow.
Best explanation of OAuth2 and OpenID Connect on the internet. Thank you.
Excellent presentation. So simple, crisp and clear. For anyone who want to understand what the heck is OAuth2 and OpenID Connect, this is the best presentation to go.
You've only got to watch the tons of other tutorials out there and wade through the reams of obscure and perplexing documentation to really appreciate what a brilliant job this presentation does of explaining this cryptic jargon. Thanks a zillion! Oh if you only did another such presentation on general relativity and one on quantum mechanics.
Hands down the best talk ever. Couldn't be simpler and more digestible. If you struggle to understand OAuth and OpenID connect after watching this talk, then you should change your major ASAP.
Absolutely brilliant - Watching it nearly after 2-years you presented, but nothing comes close to presenting it this well. It is not easy to explain complex concepts in simple terms, but you managed it pretty well Nate. Thank you for the session and sharing the content.
Thanks for watching! And thanks for the kind words. :)
This is one of the best content to understand OAuth 2.0 & OpenID Connect. Thanks for sharing it.
One of the best explanatory presentation I have seen on a topic which otherwise looks extremely complicated, especially for the beginners.
I am so thankful I stumbled on this video. I felt horrible for not being able to wrap my head around this stuff easily. Thank you for this video! It was super helpful.
Don't feel bad, everyone finds this stuff complex! The reason I wrote this talk initially was because I was confused myself.
Thanks again! The way you explained this stuff was really easy to grasp. Would you be able to do one on JWT?
Only six minutes in, and it's obvious you're a great teacher! You're acknowledging the problem: the jargon and terminology. Explaining why it's a problem: how are you supposed to learn something new when someone uses language you don't understand? And giving examples of the frustration: newbies bounce from one stackoverflow post to the next, each saying the other person is wrong. (That's me, btw!)
Looking forward to the whole talk! Thanks so much for posting!
YES! I found I understood parts of this topic in practice but then once someone started using technical lingo I was like, "What?"
"OAuth 2.0 and OpenID Connect (in plain English)". It's actually IN PLAIN ENGLISH! PERFECT! The talk starts from the beginning without assuming too much knowledge. Thanks so much.
When learning this myself I was frustrated by finding so many explanations that assumed a huge amount of starting knowledge, and wanted to change that. Glad it was helpful!
There is no better video than this one to understand OAuth and OpenID Connect. You can bet on it.
This is by far the best video that explains OAuth and OpenID Connect in the most simplest way possible
Absolutely great presentation. Been playing around with oauth and openid connect for one of our products but not really understanding what all the pieces meant. Now I do. Thanks!
Nate, the first 12 mins of your video made me pause it and type this down. As a security guy, I just want to say THANK U, I've been looking for this and you explain it pretty well. Reading this from books and internet was so overwhelming and you first pointed out: Jargon. You really rock bro
Thanks for the kind words! I'm glad it was helpful!
This man deserves an award. Great presentation!
I haven't seen best explanation than this on OAuth and OPenID Connect.
It clears lots of doubts from my side about using this.
Thank you very much @Nate Barbettini for this video
I just watched half of it and can't stop myself commenting. I knew Oauth before but I always have a missing piece in the puzzle. I had to unlearn to relearn in the perfect way. Awesome presentation and explanation. you got a skill !! Glad I found this video
This is the man. Finally someone with the right skills to deliver knowledge!
Really thank you!
You save me from another 2 years of searching.
Still the best lecture on oauth and oidc after 4 years
Was struggling with oauth and oidc for several days. 5 years old video, still there is no place where they have explained as in this video. Thank you so much.
You're welcome! ♥
Exactly a developers perspective ! Just what an enterprise developer was looking for ! Very well done Nate !
It pisses my off how many of us developers don't strive for the simplicity used in this talk to explain things. This was awesome, thanks!
I have probably gone through tons of videos on OpenID Connect and OAuth 2.0 and no doubt this one is best.
Can I like it more than once. Mind boggling explanation by instructor ..... Crystal clear......Worth watching it for 1 hour🙂
Nate, you have transformed my understanding of Oauth 2.0 and OIDC for good. I cannot thank you enough.
Keep doing the good work! :)
Thanks for the kind words! I'm glad the talk helped!
OMG finally, after reading all the Google stuff and reading other documentation and watching videos for months on and off, I finally got it. It might be 4 years old, but thanks so much for putting OAuth V 2 so simple and easy to understand, also thanks for the great tools, just amazing..........
Wow! I just have an “Ahaaaa!” moment. What a good presentation, with so clear explanations about oauth and open connect id. Thank you very much!
I'm glad I could share the "aha!" moment with you! Thanks for watching.
watched complete video..totally worth spending 1 hour..easy explanation and covered concept in details.
Thanks for watching!
Fantastic talk on OAuth. Probably one of the best tech talks I've heard period. Well done.
Try SOLID talks by UB ;-)
The ability to take a complex technical subject and make it easy to understand is a rare gift. I can't say enough good things about this presentation. Would love to see more from Nate Barbettini, he will certainly be on my radar!
I've already watched this 3 times. It's really fantastic reference material, as are the slides that accompany it. Very well done!
The best explanation of OAuth and OpenID connect I saw on the internet (including paid ones). Respect!
Wish I went straight to this video to learn about this.
Really useful and precise way to explain such a difficult subject. Thank you very much for sharing our knowledge.
I never had such a clear understanding for any youtube technical material in one go. Kudos @Nate... Your explanation is bang on, and what an insightful delivery. Keep it up man..!!!
Thanks for the kind words. I'm glad the presentation was helpful!
Great Presentation !
Authentication > OpenID Connect to get identity of the person from the auth server.
Authorization > OAuth 2.0 > Meant for dealing with what's permitted for access from the auth server.
I always understood authorization/ but the authentication which is just the 5-10% on top of authorization was so tricky to understand. This helped to understand
25 mins into the video... and i already love the way you explained till now... hopefully it will be much clear once i finish it... no more banging on the wall to understand OAuth... :-D
After witnessing this, I was so impressed that I decided to pause my exploration of OAuth/OpenID. It's truly fantastic.
i was feeling so bad to not understand identity protocols. thank you so much Nate! you made my day with your awesome pure explanation.
I've been wasting days to understand what oauth really is. This is really a very good presentation. Thanks Nate everything is crystal clear
After watching multiple videos on OAuth I was about to give up learning this. Luckily I saw this video and it saved me. Thanks Nate
This was much longer than the other videos I've watched on OAuth 2.0, but this one was a much better explanation. Worth the extra time.
This is amazing. Not only in what you’ve presented and what you’ve taught me but the way you’ve presented it is impressive!
Wicked! Even if you know Oauth 2.0, it's worth watching the entire presentation to get a deeper understanding of why it's so prevalent!
The topics of AuthN and AuthZ were always scary to me and like Nate said in the video mostly it’s because the confusing content on the web. But this talk is so crystal clear and brings so much clarification into my efforts in understanding OAuth, as well as authentication/authorization concepts. Kudos! Hats off!
Nate is brilliant - what else can be said... such a gem is so rare among software tutors
a little history and some practical use cases can make any learning absolutely easy and understandable! thanks Nate!
This is great!! after a week long online research and hair pulling, this video is a godsend to me!
Thanks a ton for this valuable information!!!!
This is the best explanation in the internet for OAuth
I was thinking of coming up with a simple explanation to explain the concepts to my team. Now, I can just forward this video. Thanks Nate Barbettini for creating content of such high quality.
Glad it was useful!
16:15 terminology section - very helpful
21:00 key part of process
One of the best IT talks I have seen. Certainly the clearest and most helpful resource on OAuth that I have found so far. Top-class content and presentation - thanks!
Excellent video! I've been banging my head to the wall for the last couple days, until i saw your presentation. Can't praise you guys enough! Thanks!
This is the best explanation i've found on youtube.Thanks a lot
One of the best hour invested so far in the topic. Thank you
Wow. You make it so easy to digest and understand. Its a good sign when you make a note to look for other material you've created to learn from
Had so many gaps in my knowledge, had to make notes to make sure I can go back to those, good job Nate.
wowww this is amazing! After getting confused with all the information I read online about Oauth 2.0 and OpenID connect, this explanation makes everything clear in my head. Thanks very much for the clear, precise and concise explanation! 🙏🙂
Hi Nate, I was struggling to understand this protocol and then came across your presentation. It's now very clear. Thanks so much.
wow this is one of the best vidoes on Auth 2.0 and Open ID Connect. I had watching many other vidoes and still did not understand Auth but this video has enlighted me. Thank OktaDev
Just outstanding!
The world owes you one
Thanks for watching!
A very easy to understand and clean explanation of the OAuth and OIDC protocols. Thanks for this. I read the spec to understand all of it but I wish I had seen this video first. Even went into the technical details a little bit to really ground all of this in real examples that a web developer can understand.
The most clear explaination of OAuth2.0 and OpenID out there! Thank you!
Best explanation I've heard. He explains the history, which is important. He gives just enough technical detail and now I understand backchannels vs front channels.
I watch this video every 1.5 years to refresh.
Remember guys. ID token is always a JWT token and is a result of authentication.
Access Token is a result of authorization and can be a JWT token but doesn’t necessarily have to be.
Many of us also watch this video periodically. Nate did an amazing job! 🤩
Watched every minute and what a fantastic presentation Nate, still to this date 5 years later.
Brilliant presentation. as always, when things are explained in plain English, it makes the topic understandable.
The Best explanation on oAuth, Concept explained in very simple manner. Earlier I confused and struggled a lot to understand oAuth .
Don't worry, everyone struggles with it at some point. I'm glad the talk was able to help 😃
I've been stumbling around trying to understand this all day today!
Thanks for this cool explanation!
Kudos!
16:30 Important term missing → "scope" but apart from that this slide helps demystifing much of the ivory-tower oauth2-people magic-chants. Explaining the back flow and front flow was key (for me) to understand the design decisions of oauth2. As was the important distinction between authorization and authentication. (Microsoft usse Graph to do the latter)
Thank you so much for this presentation. Absolutely love, how you systematically introduced the concepts. Especially about how OpenID fits in with the whole Oauth flow. That was the part that always confused me. You explained the evolution of these technologies, and that timeline is important in understanding why they were created, and what problem it is trying to solve. Keep up the good work.
The best explanation for oauth2.0 and openID connect on youtube. Nate, you made it simple