Useful Resources About Auth
Awesome Lists
Blogs, Articles, and Knowledge Bases
- What is identity and access management (IAM)? (cloudflare.com)
- oauth.net by Aaron Parecki (oauth.net)
- OpenID Connect Primer (developer.okta.com)
- SAML Explained in Plain English (onelogin.com)
Interactive Resources
- Authentication Request Playground (zitadel.com)
- OAuth 2.0 Playground (oauth.com)
- JWT Debugger (jwt.io)
- JWT Decoder (fusionauth.io)
- Passkeys Playground (learnpasskeys.io)
- Passkeys Playground (passkeys.com)
Courses
- Diploma in Identity and Access Management (alison.com)
- Cyber Security Foundations: Identity and Access Management (futurelearn.com)
- Identity and Access Management (IAM) by Rassoul Zadeh (4.5/5) (udemy.com)
- OpenID Connect & JWT: User identity for your apps & APIs by Matthias Biehl (4.3/5) (udemy.com)
- Identity and Access Management (IAM) by Packt (coursera.org)
Standards
- RFC7636 - Proof Key for Code Exchange (rfc-editor.org)
- RFC9700 - Best Current Practice for OAuth 2.0 Security (datatracker.ietf.org)
- RFC6749 - The OAuth 2.0 Authorization Framework (datatracker.ietf.org)
- RFC6750 - Bearer Token Usage (datatracker.ietf.org)
- RFC7521 - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (datatracker.ietf.org)
- RFC7523 - JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (datatracker.ietf.org)
- RFC7519 - JSON Web Token (JWT) (datatracker.ietf.org)
- RFC7515 - JSON Web Signature (JWS) (datatracker.ietf.org)
- RFC7516 - JSON Web Encryption (JWE) (datatracker.ietf.org)
- RFC7517 - JSON Web Key (JWK) (datatracker.ietf.org)
- RFC7518 - JSON Web Algorithms (JWA) (datatracker.ietf.org)
- RFC7033 - WebFinger (datatracker.ietf.org)
OpenID Connect Standards
Minimal
Dynamic
- OpenID Connect Discovery 1.0 (openid.net)
- OpenID Connect Dynamic Client Registration 1.0 (openid.net)
Complete
Other