We offer web security training courses primarily for two target audiences: first, developers who want to learn about web application security, single sign-on, TLS, XML, and web service technologies; second, penetration testers who want to gain in-depth knowledge of web security. The topics we discuss include both known and usually unknown attacks, along with their countermeasures. Furthermore, we go into detail regarding solutions to automate security tests.

OAuth 2.1 and OpenID Connect – Master Class

Your Benefits

Master the security best practices for OAuth and OpenID Connect with this interactive training.

  • Navigate the maze of numerous OAuth and OpenID Connect standards.
  • Realize complex scenarios using standardized features that increase security and maintainability.
  • Ensure future-proofness and interoperability in your implementations.
  • Avoid costly and time-consuming errors in design and implementation.

2 Days

Certificate of Attendance

1.490 €*

Select the Training Content Tailored to Your Individual Needs

We work with you to select the specific topics in advance in order to provide your team with the greatest possible benefit.

  • Advanced Use Cases
    • Single-Page Applications
    • API Chaining and Composition
    • OpenBanking
    • eHealth

  • Enhanced Countermeasures
    • Proof Key for Code Exchange (PKCE, RFC7636)
    • AS Issuer Identification (RFC9207)

  • Advanced Cyber Attacks
    • Issuer Confusion
    • Malicious Endpoint Attacks
    • IdP Confusion / Mix-Up

  • Sophisticated Security Features
    • Proof-of-Possession Tokens: mTLS (RFC8705), DPoP (RFC9449)
    • Strong Client Authentication: mTLS (RFC8705), JWT (RFC7523)
    • HTTP Message Signing

  • Improving Authentication and Authorization Requests
    • Pushed Authorization Requests (PAR, RFC9126)
    • Rich Authorization Requests (RAR, RFC9396)
    • JWT-Secured Authorization Request (JAR, RFC9101)

  • Specific Authentication and Authorization Requests
    • Cross-Device Flows: CIBA vs. Device Grant (RFC8628)
    • User-Managed Access (UMA) 2.0
    • Token Exchange
    • Federation

  • FAPI – High-Security Profiles
    • Overview of the FAPI Profile
    • FAPI 1.0 and FAPI 2.0
    • Which regulations can be complied with using FAPI?

  • Strong Authentication
  • One Step Ahead of the Hackers
    • OAuth 2.1
    • OAuth Working Group Trends
    • Verifiable Credentials
    • Grant Negotiation and Authorization Protocol (GNAP) – The "successor" to OAuth?

Target Audience

This training is intended for everyone who wants to develop or operate complex scenarios in Identity and Access Management (IAM) with OAuth or OpenID Connect.

This course is helpful for, among others:

  • Administrators and integrators for identity and access management
  • Developers who want to use the highest industry standard in their implementation
  • Penetration testers and security analysts

To participate, technical knowledge of OAuth and OpenID Connect (e.g., the structure of the various protocol flows, messages and the ID token) is required.

This training builds on the Single Sign-On Security: OAuth and OpenID Connect training. We recommend that you first attend the Single Sign-On Security: OAuth and OpenID Connect training or both training courses in combination.

Booking Options

Customized training options for you or your team.

Team online training
(at least 5 participants)

On-site training at your company

On-site training at Hackmanit

Whether team online training or on-site training, we adapt to your wishes. Contact the person responsible for the desired training to receive an individual and non-binding offer. Send your individual booking request by email to Dr. Christian Mainka:


Short Overview

Duration  |  2 days, 8 hrs. per day (incl. breaks)
Time  |  from 9:00 to 17:00
Total Price  |  1.490€ plus VAT (per person)
Registration  |  by email to Dr. Christian Mainka


Your Contact for This Training

Dr. Christian Mainka

* All prices excl. VAT