This is a placeholder to gauge interest in a masterclass for ATProtocol OAuth. The time frame is fall 2025, probably in October or early November, but that could be brought up or pushed back depending on interest.
If interested, RSVP "Interested" and share your email address with me through the Smoke Signal RSVP.
The target audience includes developers of all levels that may have some familiarity with authentication patterns, OAuth, or OAuth integrations, but want to learn more about what OAuth is in the context of ATProtocol and how it is used across the ATmosphere. Experience with ATProtocol isn't required.
This is a paid class that would include:
- 2-4 hour interactive online class (recorded)
- Reference documents and presentation
- Reference projects with documentation
- 1-3 projects in the top-requested languages participants request that demonstrate ATProtocol OAuth workflows
Additionally, I'm thinking about an add-on that includes coaching / pairing time.
This class material isn't exhaustive, but looks like:
What are handles and how are handles resolved?
What are DIDs, DID documents, and how are they resolved?
What is OAuth, and what is the relationship between protected resources and authorization servers?
What are clients and dynamic clients?
What are client credentials, client assertions, and client meta-data?
What is PAR, PKCE, and DPoP?
What are claims, grant types, and the parameters used during authorization and token flows?
What are access and refresh tokens, and how are they managed?
What errors can happen along the way?
What is OpenID Connect and how is it different?
What are app-passwords and how are they different?
What are inter-service authentication tokens and how are they different?
How is ATProtocol OAuth used with front-end, desktop, mobile, device, and typical backend applications?
How is ATProtocol OAuth used with XRPC services?
What data structures are needed in applications that implement different OAuth flows and how much needs to be retained and when?
What cryptography essentials do I need to know?
+ Key management + Observability + Security considerations + The SDK landscape + More