APIs

Authentication: JWT Flows & OAuth Basics

Implement token flows responsibly, understand rotation, and avoid common auth footguns.


MYR 1,390 · 5 weeks · hybrid

Delivery: hybrid, with mentor hours

Outline

Sessions versus tokens, refresh strategies, and OAuth basics are taught with threat modelling in plain language. You will not copy-paste "secure" snippets without being able to explain why each one exists and which attack it stops.

Inclusions

  • Threat modelling worksheet per feature
  • JWT with rotation lab (staging only)
  • OAuth consent screens walkthrough
  • Password hashing parameters in practice
  • CORS and cookie flags clinic
  • Audit log patterns
  • Incident response tabletop (facilitated)

Outcomes

  1. Implement login with refresh rotation in staging
  2. Document token lifetimes and revocation plan
  3. Present a threat summary to peers
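The first two outcomes (refresh rotation in staging, and a documented lifetime and revocation plan) are the core of the lab. As an added illustration, and not course material or code from this page, the following sketch shows the mechanism the outcomes refer to: a short-lived HS256 access token, an opaque refresh token stored only as a hash, rotation on every refresh, and reuse detection that revokes the whole token family when a spent token is presented again. The lifetimes, the signing key, the in-memory store and all function names are assumptions for the demonstration; a real deployment keeps the key in a secret store and the records in a database.

```python
"""Refresh-token rotation with reuse detection and a short-lived HS256 access token.

Added example, not the course's own lab code. Lifetimes, key and store layout are assumptions.
"""
import base64
import hashlib
import hmac
import json
import secrets

ACCESS_TTL = 15 * 60          # assumption: 15-minute access tokens
REFRESH_TTL = 14 * 24 * 3600  # assumption: 14-day refresh tokens
SIGNING_KEY = b"demo-only-key-load-this-from-a-secret-store"  # assumption: never hard-code in production


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_access_token(sub: str, now: int) -> str:
    """Compact JWT (header.payload.signature), HMAC-SHA256 over the two base64url segments."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": sub, "iat": now, "exp": now + ACCESS_TTL},
                                 separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_access_token(token: str, now: int):
    """Return the payload if algorithm, signature and expiry all check out; otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; never trust "none" or a client-chosen alg
            return None
        expected = hmac.new(SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # bad base64, bad JSON, wrong segment count
        return None
    if now >= payload.get("exp", 0):
        return None
    return payload


def _fingerprint(token: str) -> str:
    # Store only a hash of the refresh token so a leaked table is not a leaked session.
    return hashlib.sha256(token.encode()).hexdigest()


class RefreshStore:
    """Server-side refresh-token records. Each login starts a 'family'; rotation marks the
    presented token as used and issues a successor in the same family. A second use of a
    spent token means it leaked, so the whole family is revoked and both parties must log in again."""

    def __init__(self):
        self._records = {}            # fingerprint -> {"sub", "family", "exp", "used"}
        self._revoked_families = set()

    def _issue(self, sub: str, family: str, now: int) -> str:
        token = secrets.token_urlsafe(32)
        self._records[_fingerprint(token)] = {"sub": sub, "family": family,
                                              "exp": now + REFRESH_TTL, "used": False}
        return token

    def login(self, sub: str, now: int):
        """Called after the password or OAuth check succeeded. Returns (access_token, refresh_token)."""
        return mint_access_token(sub, now), self._issue(sub, secrets.token_hex(8), now)

    def rotate(self, presented: str, now: int):
        """Exchange a refresh token for a new pair, or None when it must be rejected."""
        rec = self._records.get(_fingerprint(presented))
        if rec is None or rec["family"] in self._revoked_families or now >= rec["exp"]:
            return None
        if rec["used"]:
            self._revoked_families.add(rec["family"])  # reuse detected: kill every token from this login
            return None
        rec["used"] = True
        return mint_access_token(rec["sub"], now), self._issue(rec["sub"], rec["family"], now)

    def revoke_family(self, presented: str) -> bool:
        """Logout: invalidate every refresh token descended from the same login."""
        rec = self._records.get(_fingerprint(presented))
        if rec is None:
            return False
        self._revoked_families.add(rec["family"])
        return True


if __name__ == "__main__":
    store, t0 = RefreshStore(), 1_700_000_000
    access, refresh = store.login("alice", t0)
    print("access ok:", verify_access_token(access, t0) is not None)
    access2, refresh2 = store.rotate(refresh, t0 + 60)
    print("replay of spent token rejected:", store.rotate(refresh, t0 + 120) is None)
    print("family revoked after reuse:", store.rotate(refresh2, t0 + 180) is None)
```

The revocation plan the second outcome asks for falls out of the design: access tokens are never revoked individually (they simply expire after `ACCESS_TTL`), refresh tokens are revoked per family on logout or on detected reuse, and the two lifetimes are the numbers to write down and justify.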

Participant notes

“The JWT rotation lab made our staging catches more honest — specific to this authentication cohort.”
— Siti · survey
“OAuth consent screen walkthrough finally lined up with what our security reviewer asked for in Authentication: JWT Flows & OAuth Basics.”
— Greg · Platform engineer

Straight answers

Penetration testing?
We discuss professional testing but do not run paid engagements inside the course.
Compliance?
PDPA-aware practices are highlighted; legal advice is not provided.
What do we omit?
Hardware security modules and advanced identity federation are out of scope.