Authentication & Authorization: OAuth

Implementing Web Security with OAuth 2.0


Approximately 2 weeks

6 hours per week (self-paced)






As a Python programmer, leveraging Flask allows you to quickly and easily build your own web applications. But before you share your apps on the Internet, you should protect your users' data, ensuring information stored on your site is safe from unwanted manipulation. You could implement web security and permissions on your own, but relying on trusted providers is a faster, safer, and easier way to allow users to log in to your application without having to create and maintain another account, profile, and password.

In this course, you will learn to implement the OAuth 2.0 framework to allow users to securely log in to your web applications. You'll be provided a restaurant menu application created in Flask. By the end of this course, you will write the necessary code to implement Google+ Sign-In and Facebook Login options so users can create restaurant menus that are viewable by everyone but only modifiable by the original creator.



OAuth 2.0 is a popular framework that allows users to log in to your web application with the click of a button, using third-party sign-ins from providers they already have accounts with and trust. And because passwords and sensitive data are never sent, your web application does not have to deal with the complexities of secure password storage and security breaches. Your users can then control the level of access your application has to their data, and change or revoke this access at any point in time.


This course was built to expand upon the concepts introduced in Full Stack Foundations, specifically:

  • performing CRUD operations
  • making use of templates
  • developing with the Flask framework

Additionally, HTML, JavaScript, and AJAX are heavily used in this course. A basic understanding of these technologies is needed to get the most out of these lectures.

If you'd like to refresh your HTML knowledge, start with our Intro to HTML and CSS course. You can check out the JavaScript Basics and Intro to AJAX courses to brush up on these topics as well.







Lesson 1 - Authentication vs. Authorization

Learn the difference between the concepts of authentication and authorization and address some major security concerns that developers must protect against when developing a web application. You will learn how OAuth 2.0 makes implementing security easier for developers and users alike by allowing your users to sign in to your applications while keeping all of the security on well-known and trusted OAuth providers. Finally, you will see OAuth 2.0 in action as you make API requests using Google's OAuth 2.0 Playground.

Lesson 2 - Creating a Google+ Sign-In

Learn about the different types of security flows your application can implement. You will see how security can be handled by your server, your user's browser, or both depending on the type of security your application needs. You will then add a Google+ Sign-In to an existing web application and implement a hybridized client/server flow.

Lesson 3 - Local Permission Systems

Add Python code to create server-side rules that will constitute a permission system. This system will limit access to the database for each logged-in user based on how the developer designs this code. You will add a User model to your database to store the credentials, such as username, email, and profile picture, collected from the OAuth provider's API.

Lesson 4 - Adding Facebook & Other Providers

Learn to implement multiple OAuth providers on your web application. You will add Facebook Login as an alternative sign-in option for your users and understand how to use OAuth provider documentation to add as many providers as you see fit for your application.


Gundega Dekena

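Gundega was once a Udacity student. Today, in a sense, she is still a student, because every day she learns something new from the instructors and Udacity colleagues she works with.

If you'd like to read fun news about robots, technology, and games, follow her on G+ -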

Lorenzo Brown

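Lorenzo first taught computer science at a summer camp while in college, an experience that sparked his passion for education. He has lived in Boston, Boise, Bethlehem, Jerusalem, and Mexico City, and finally settled in California. Lorenzo enjoys traveling, cooking, and DIY projects. He holds a degree in mathematics and computer science from MIT and likes to follow Middle Eastern studies.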