Four-Project Series

Federation and Single Sign-On with OpenID Connect you own this product

prerequisites
basic JavaScript • basic npm use • intermediate in-browser development tools • basic command line/terminal proficiency
skills learned
route management and middleware in Express.js • use OpenSSL to generate secure, random strings • fetch and cache data in Node.js • perform an Authorization Code grant • Single Sign-On between applications on different domains using OpenID Connect • define and use scopes • validate JWTs • authorize API calls using OAuth2
Josh Cunningham
4 weeks · 6-8 hours per week average · BEGINNER
filed under
includes 4 liveProjects
liveProject $35.99 $59.99 self-paced learning

You’re the sole engineer for PrincipalStack, an online publication for new developers. Previously, PrincipalStack only accepted internal submissions, but its cofounder would like to improve user engagement by inviting every community member to register, log in, and post comments. Your task is to enable sharing of user identities between the web application and post creation system built as a standalone single-page application (SPA). Using tools including Node.js, HTML, and npm, you’ll build an authorization server, implement authorization using OpenID Connect, build an OAuth2-Protected API, and enable your internal team to work in both the newly built community-engaging SPA and the main application—all with the same identity. Once you’ve finished this series of liveProjects, you’ll have valuable hands-on experience with authentication, authorization, Single Sign-On between applications, defining and using scopes and permissions, validating JWTs, and other federation essentials.

These projects are designed for learning purposes and are not complete, production-ready applications or solutions.
Get Your Certificate of Completion—Free!
Finish the work in this liveProject to earn a Certificate of Completion. Once you’re done with your build, take a short online test, then contact the liveProject mentor who will review your submissions. Finally, set up a 15-minute video call with the mentor to verify your work.

This was a great work and I would like to give my congratulations to the author.

Paulo Ricardo Stradioti, Senior .NET Developer, IBM Digital Business Automation

here's what's included

Project 1 Build an Authorization Server

After six years of accepting only internal submissions, PrincipalStack’s cofounder would like to invite all community members to register, log in, and post comments. As the sole engineer for the publication, your task is to build the foundation for this entire system: the authorization server. Using Express on Node.js, you’ll install, configure, and test an OpenID Connect-capable authorization server. You’ll build the pages that let users create their profile, prove their identity, and end their session. You’ll also foster community participation by allowing users to log in with an email address—and without a password.

$29.99 FREE
try now
Project 2 Login with OIDC

You’re the sole engineer for PrincipalStack, an online publication focused on teaching software engineering the right way. As part of the company’s efforts to engage new users, your job is to connect the newly built OpenID Connect server with the main web application. Using Node.js, you’ll register the new web application with the authorization server, install and configure an OpenID Connect library, implement login authorization with OAuth 2.0, and integrate the new OpenID Connect authentication with an existing set of users.

$29.99 $19.49
add to cart
Project 3 Build an OAuth2-Protected API

Improve developer engagement in PrincipalStack, an online publication of software development content. As its sole software engineer, your task is to create an API to expose the posting functionality of the Node.js web application. You’ll build a simple CRUD (create, read, update, delete) API and protect it with JWT-formatted access tokens issued by the authorization server, while maintaining the association between the content managed by the API and the original user who created it. When you’re done, you’ll have provided an interface for all external contributors, enhancing their user experience.

$29.99 $19.49
add to cart
Project 4 Modify a SPA to Use OIDC

As the sole engineer for PrincipalStack, an online developer-focused publication, your task is to use an authorization server to log in users and enable your internal team to work in both the newly built community-engaging, single-page application (SPA) and the main (legacy) application—under the same identity. When you’re done, you’ll have leveraged tools including browser-provided JavaScript APIs and HTML to modify the SPA so that it can request, store, and use access tokens tied to that single identity to call the API.

$29.99 $19.49
add to cart

project author

Josh Cunningham

Josh Cunningham is a staff product engineer at Okta (formerly Auth0) leading a team of engineers to help partners build identity solutions. Previously, he led the onboarding program for new engineers and built open-source SDKs to help customers connect their applications to Auth0 using OpenID Connect, OAuth2, and SAML. Josh has been teaching and writing about technology for over two decades in various leadership, design, and engineering roles.

Prerequisites

This liveProject is for intermediate JavaScript developers with some experience building or maintaining a web application using Node.js and using client-side JavaScript in a browser. To begin these liveProjects you’ll need to be familiar with the following:

TOOLS
  • Basic JavaScript (declare variables, use loops and branches, object and array destructuring, debugging, error handling, etc.)
  • Basic Node.js
  • Basic npm use
  • Basic command line/terminal proficiency
  • Basic HTML, specifically forms
  • Intermediate in-browser development tool use (such as network call tracing including URL parameters, request and response headers, and URL parameters; cookie management; and browser console debugging)
TECHNIQUES
  • Basic package management and execution using npm
  • Use environment variables to store sensitive or application-specific data
  • Make simple HTTP requests using cURL or another tool

you will learn

In this liveProject series, you’ll build an OIDC-capable authorization server, implement login using OpenID Connect, build an OAuth2-protected API, and modify a SPA so that it can request, store, and use access tokens to call an API.

  • Route management and middleware in Express.js
  • Use OpenSSL to generate secure, random strings used to sign tokens and session data
  • Fetch and cache data in Node.js
  • Perform an Authorization Code grant, with and without PKCE
  • Single Sign-On between applications on different domains
  • Define and use scopes, permissions, and claims
  • Validate and consume JWT-formatted ID and access tokens
  • Call an API from a single-page application using tokens

features

Self-paced
You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.
Get Your Certificate of Completion—Free!
Finish the work in this liveProject to earn a Certificate of Completion. Once you’re done with your build, take a short online test, then contact the liveProject mentor who will review your submissions. Finally, set up a 15-minute video call with the mentor to verify your work.

I did learn what I was hoping to learn and I’ll certainly apply the knowledge in some of my upcoming projects.

Raimi Rufai, Software Development Expert, SAP Labs, Inc.
RECENTLY VIEWED