Token-based security on top of standards like OAuth 2.0, JWT, and OpenID Connect provides a lot of flexibility for modern software architectures. For using this idea safely with SPAs, the upcoming 'OAuth 2.0 Security Best Current Practice' document provides a lot of strategies.
To the surprise of many of us, it leaves no stone unturned: it recommends flows originally intended for native applications, suddenly allows using refresh tokens in the browser (at least in some circumstances), and tells us that just using cookies might not be a bad idea at all.
In this session, I'll guide you through these ideas. You will learn what's behind them and when to choose which approaches.
Trainer and Consultant with a focus on Angular. Google Developer Expert (GDE) who writes for O'Reilly and the German Java Magazine. Regularly speaks at conferences.