Useful Resources About Auth

Authentication and authorization are complex topics with a rapidly evolving ecosystem. This page collects high-quality resources—including curated lists, articles, interactive tools, courses, and official standards—to help you deepen your understanding of identity, access management, OAuth, OpenID Connect, and related technologies. Whether you’re a beginner or an experienced developer, you’ll find valuable links here to support your learning and implementation journey.

Table of Contents

Awesome Lists​

• kdeldycke/awesome-iam (github.com)
• casbin/awesome-auth (github.com)

Blogs, Articles, and Knowledge Bases​

• What is identity and access management (IAM)? (cloudflare.com)
• oauth.net by Aaron Parecki (oauth.net)
• OpenID Connect Primer (developer.okta.com)
• SAML Explained in Plain English (onelogin.com)

Podcasts​

• Identity at the Center Podcast (identityatthecenter.com)
• The Identity Navigator (open.spotify.com)

Interactive Resources​

• Authentication Request Playground (zitadel.com)
• OAuth 2.0 Playground (oauth.com)
• JWT Debugger (jwt.io)
• JWT Decoder (fusionauth.io)
• Passkeys Playground (learnpasskeys.io)
• Passkeys Playground (passkeys.com)

Courses​

• Diploma in Identity and Access Management (alison.com)
• Cyber Security Foundations: Identity and Access Management (futurelearn.com)
• Identity and Access Management (IAM) by Rassoul Zadeh (4.5/5) (udemy.com)
• OpenID Connect & JWT: User identity for your apps & APIs by Matthias Biehl (4.3/5) (udemy.com)
• Identity and Access Management (IAM) by Packt (coursera.org)

Who to follow​

• Rohit Agnihotri (linkedin.com) - Host of the Identity Navigator
• Eve Maler (linkedin.com) - CTO and leadership in XML, SAML
• Simon Moffatt (linkedin.com) - Founder at The Cyber Hut, published author and contributor to NIST/IETF
• Nat Sakimura (linkedin.com) - Chairman at OpenID Foundation

Standards​

• RFC7636 - Proof Key for Code Exchange (rfc-editor.org)
• RFC9700 - Best Current Practice for OAuth 2.0 Security (datatracker.ietf.org)
• RFC6749 - The OAuth 2.0 Authorization Framework (datatracker.ietf.org)
• RFC6750 - Bearer Token Usage (datatracker.ietf.org)
• RFC7521 - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (datatracker.ietf.org)
• RFC7523 - JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (datatracker.ietf.org)
• RFC7519 - JSON Web Token (JWT) (datatracker.ietf.org)
• RFC7515 - JSON Web Signature (JWS) (datatracker.ietf.org)
• RFC7516 - JSON Web Encryption (JWE) (datatracker.ietf.org)
• RFC7517 - JSON Web Key (JWK) (datatracker.ietf.org)
• RFC7518 - JSON Web Algorithms (JWA) (datatracker.ietf.org)
• RFC7033 - WebFinger (datatracker.ietf.org)

OpenID Connect Standards​

Minimal

• OpenID Connect Core 1.0 (openid.net)

Dynamic

• OpenID Connect Discovery 1.0 (openid.net)
• OpenID Connect Dynamic Client Registration 1.0 (openid.net)

Complete

• OpenID Connect Session Management 1.0 (openid.net)
• OAuth 2.0 Form Post Response Mode (openid.net)

Other

• OAuth 2.0 Multiple Response Type Encoding Practices (openid.net)
• Implementer's Draft Self-Issued OpenID Provider v2 - draft 13 (openid.net)