Implement an OAuth 2.0 Provider

Build the server side of OAuth 2.0 — auth code flow, refresh tokens, JWT signing, the works. Hard but resume-defining.

TypeScript or Python, PostgreSQL, Redis, JOSE library

About this project

Most engineers can consume OAuth; very few can implement the server side. This project teaches the spec deeply: authorization code flow with PKCE, refresh tokens, client credential rotation, JWT signing with key rotation, and the security details (state, nonce, CSRF protection) that get a real audit passed. This is a portfolio piece that gets senior+ interview loops.

Why build this in 2026?

Identity work is one of the few engineering specialties AI hasn't commoditised — the security details require deep judgement.

What you'll ship

  • GitHub repo with full spec compliance docs
  • Working demo (your provider + a sample client app)
  • Security writeup explaining one defense per attack vector

Skills you'll practice

REST APIs, security, PostgreSQL