OAuth/OIDC Threats and Detection
RCCE students will learn the OAuth 2.0 authorization framework and OpenID Connect authentication layer, covering authorization code flows, implicit flows, client credentials, PKCE extensions, token lifecycle management, and JWT structure and validation. RCCE students will learn to identify common OAuth/OIDC vulnerabilities including token theft, authorization code interception, redirect URI manipulation, scope escalation, and insufficient token validation. The course covers incident response for compromised OAuth tokens, revoking active sessions, investigating token abuse in logs, and implementing secure OAuth/OIDC configurations that prevent account takeover. This threat-focused course teaches students to think like adversaries while building robust defenses. At an expert level, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing OAuth/OIDC Threats and Detection
- Explain the fundamentals covered in the Course Overview
- Execute hands-on tasks for What You Will Learn, covering OAuth 2.0 authorization framework internals.
- Execute hands-on tasks for Core Purpose
- Execute hands-on tasks for Key Roles, covering delegated authorization without sharing credentials and the Resource Owner as the entity granting access.
- Execute hands-on tasks for Why OAuth 2.0 Matters for Security, covering how scoped tokens replace password-sharing anti-patterns.
- Execute hands-on tasks for Authorization Code
- Execute hands-on tasks for Client Credentials
- Execute hands-on tasks for Implicit (Deprecated)
- Execute hands-on tasks for Authorization Code Flow
- Execute hands-on tasks for PKCE Extension Deep Dive, covering how the client generates a random code_verifier and how PKCE prevents authorization code interception.
- Execute hands-on tasks for Why PKCE Is Critical, covering the client-generated random code_verifier.
- Execute hands-on tasks for PKCE Challenge Methods, covering S256 (the SHA-256 hash of the verifier; preferred and secure).
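The PKCE items above describe the mechanism only in outline. The following Python block is an added example, not course material from Rocheston or code from this page: the client generates a random code_verifier, derives the S256 code_challenge, and a stand-in authorization server checks the verifier at the token endpoint, so that a party holding only the authorization code cannot redeem it. The AuthorizationServer class and the demo function are constructed for illustration; the one fixed test vector comes from RFC 7636 Appendix B.

```python
"""PKCE (RFC 7636) code_verifier / code_challenge round trip.

Added example for the PKCE learning items; not code from the course or the page.
"""
import base64
import hashlib
import hmac
import secrets


def b64url_nopad(data: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def generate_code_verifier(num_bytes: int = 32) -> str:
    """Client side: high-entropy random string; 32 bytes encode to 43 chars,
    the minimum length RFC 7636 allows (maximum is 128)."""
    verifier = b64url_nopad(secrets.token_bytes(num_bytes))
    if not 43 <= len(verifier) <= 128:
        raise ValueError("code_verifier length out of range")
    return verifier


def compute_code_challenge(verifier: str, method: str = "S256") -> str:
    """Client side. S256 = base64url(SHA-256(ASCII(code_verifier))).
    'plain' sends the verifier itself and gives no protection if the
    authorization request leaks; it is kept only for comparison."""
    if method == "S256":
        return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError(f"unsupported code_challenge_method: {method}")


def verify_code_challenge(stored_challenge: str, stored_method: str,
                          presented_verifier: str) -> bool:
    """Authorization server side, at the token endpoint: recompute the
    challenge from the presented verifier and compare in constant time."""
    try:
        recomputed = compute_code_challenge(presented_verifier, stored_method)
    except (ValueError, UnicodeEncodeError):
        return False
    return hmac.compare_digest(recomputed, stored_challenge)


class AuthorizationServer:
    """Constructed stand-in for the server's authorization-code store."""

    def __init__(self) -> None:
        self._codes: dict[str, tuple[str, str]] = {}  # code -> (challenge, method)

    def authorize(self, code_challenge: str, code_challenge_method: str = "S256") -> str:
        """Authorization endpoint: bind the challenge to a fresh one-time code."""
        if code_challenge_method not in ("S256", "plain"):
            raise ValueError(f"unsupported code_challenge_method: {code_challenge_method}")
        code = b64url_nopad(secrets.token_bytes(24))
        self._codes[code] = (code_challenge, code_challenge_method)
        return code

    def exchange(self, code: str, code_verifier: str) -> bool:
        """Token endpoint: the code is single-use and must match the verifier."""
        entry = self._codes.pop(code, None)  # consumed whether or not it verifies
        if entry is None:
            return False
        challenge, method = entry
        return verify_code_challenge(challenge, method, code_verifier)


def demo() -> dict[str, bool]:
    """Three exchanges against the stand-in server:
    the legitimate client succeeds, a replay of the same code fails,
    and a code presented with any other verifier fails."""
    server = AuthorizationServer()
    verifier = generate_code_verifier()
    code = server.authorize(compute_code_challenge(verifier))
    legit = server.exchange(code, verifier)
    replay = server.exchange(code, verifier)
    other_code = server.authorize(compute_code_challenge(verifier))
    wrong_verifier = server.exchange(other_code, generate_code_verifier())
    return {"legit": legit, "replay": replay, "wrong_verifier": wrong_verifier}


if __name__ == "__main__":
    print(demo())
```

The server stores only the challenge, never the verifier, so the log line worth alerting on in a real deployment is a token-endpoint request whose verifier fails to match: that is the signature of an intercepted or replayed authorization code.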
| Module | Topic |
|---|---|
| Module 01 | Course Overview |
| Module 02 | What You Will Learn |
| Module 03 | Core Purpose |
| Module 04 | Key Roles |
| Module 05 | Why OAuth 2.0 Matters for Security |
| Module 06 | Authorization Code |
| Module 07 | Client Credentials |
| Module 08 | Implicit (Deprecated) |
| Module 09 | Authorization Code Flow |
| Module 10 | PKCE Extension Deep Dive |
| Module 11 | Why PKCE Is Critical |
| Module 12 | PKCE Challenge Methods |
| Module 13 | OIDC Adds to OAuth 2.0 |
| Module 14 | Key OIDC Concepts |
All hands-on labs run on Rocheston Rose X OS. Students practice OAuth/OIDC threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Explain the fundamentals covered in the Course Overview
- Lab 2: Execute hands-on tasks for What You Will Learn
- Lab 3: Execute hands-on tasks for Core Purpose
- Lab 4: Execute hands-on tasks for Key Roles
- Lab 5: Execute hands-on tasks for Why OAuth 2.0 Matters for Security
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for OAuth/OIDC Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI