CodeX Academy
Technical Competency Library
Project maintained by CodeX Academy
Auth Apprentice 5
A developer who can secure front-end and back-end systems using OAuth and OIDC.
Master the following skills:
- Defend the utility of JWTs as ID tokens
- Generate a JWT that contains user metadata
- Recognize an invalid JWT
- Describe the anatomy of a JWT
- Implement social login without IDaaS using OIDC
- Implement a server that can intercept a JWT bearer token and grant or deny access to the application based on its validity
- Implement a front-end that delegates login to an external service, receives a token, and uses the token to access back-end resources
- Implement a server that can intercept a JWT bearer token and grant or deny permissions to the application’s features based on its claims
- Add a Google Sign-In to an existing web application and implement a hybridized client/server flow
- Add a User model/table to your database to store/retrieve the credentials collected from tokens
- Define permissions in an application database to complement authentication
- Limit access to the application for each logged-in user based on permissions
Suggested Learning:
Evaluation:
Ask your mentor if you are ready for evaluation. Then, do one of the following:
- Schedule a live evaluation by clicking here to find a time on the calendar. After the evaluation, claim the badge.
or
- Record a screencast where you talk about and demonstrate each competency listed above. Make sure badge criteria and relevant tools are visible in the screencast AND that your audio is good enough for the evaluator to hear. Upload the video to a service like Vimeo or YouTube (unlisted is fine) so that you can provide a public URL for an evaluator to view. Claim the badge and include the video URL in the evidence box.