Session: Rethinking Token-based Security: OAuth 2.0 Security Best Current Practice
Token-based security on top of standards like OAuth 2.0, JWT, and OpenId Connect provides a lot of flexibility for modern software architectures. To use this idea safely with SPAs, the upcoming 'OAuth 2.0 Security Best Current Practice' document provides a lot of strategies.
As a surprise for many of us, it leaves no stone uncovered: It recommends flows originally intended for native applications, suddenly allows using refresh tokens in the browser (at least in some circumstances), and tells us that just using cookies might not be a bad idea at all.
In this session, I'll guide you through these ideas. You will learn what's behind them and when to choose which approaches.
SOFTWAREarchitekt.at, Google Developer Expert and Microsoft MVP | Austria
Trainer and Consultant with focus on Angular. Google Developer Expert (GDE) who writes for O'Reilly and the German Java Magazine. Regularly speaks at conferences.
Workshop
Architectures for Enterprise Applications with Nx
Manfred's books
See Manfred in action
Join our mailing list
Sign up to receive updates about JS Poland, including workshops, speaker previews, ticket launches, JS Awards, Behind the Code Magazine, CFP details and other exclusive content. We won’t spam you and will only send you emails we genuinely think you’ll find interesting. You can unsubscribe at any time and you can find more information here.