Everything You Ever Wanted to Know About OAuth and OIDC

I watched a lot of videos about the context and this is the most clear and satifying explanation of them all. thank you very very much.

Thanks a lot, Aaron. This is by far the best and comprehensive video I saw about these topics.

Nice 👍 Please post some videos on OIDC Single Sign on.

Excellent content!

Excellent! Thank you very much!

Thanks Aaron! This is the clearest explanation about oauth that I have seen

Very clear and concise Thanks a bunch!

Fantastic video, thank you. In fact the only explanation of these concepts I could find that made sense.

Great video, thank you for clearly explaining this topic!!!

Also Where did you get that shirt it is awesome!

By far the best explanation! 🙌
Thank you! You rock!

Fantastic explanation! Thank you!

Great explanation! Thanks

Excellently explained! Thanks!

Wow!!! This is SPOT ON. Thanks for the excellent presentation Aaron.

It was nicely done, Aaron! Excellent presentation and effortless communication!

that is soooo useful! )
great explanation, thanks!

Such a great presentation !!!!

Amazing explanation.

One more question : As mentioned in the use case , if the Access Token has 8 hours validity and during the registration/login , user gave consent for some explicit scopes ( example vehicle data) , the access token has the claims information and if clients are checking the claims information and validity against IDP token introspection endpoint and based on the response are letting the user uses their api. What if in the meantime , user revoke some of the consent ? Access Token will still consist the previously given consent information and if the client is based on IDP token introspection response then critical service access will become accessible. Revoking the token and asking the user to log in again so correct consent based token can be generated can lead to very bad user experience if IDP has global logout & SSO . Any best practices here ? Please share some . Thanx

Hi , I have a question regarding Refresh Token Use case especially when we have a unreliable clients ( Native Apps) . The new best practice about Refresh Token mentions that it should be replaced with each new token exchange request . So basically with new token exchange request , client receives a new refresh Token along with Access & ID Token . How should we tackle a Logout scenario if client is mobile app . Mobile App can have very unreliable network and due to this User can be logout due to expired Token . Is there any best practices regarding this use case ? Thanks I’m advance . Ok

Fantastic video!