NDC Conferences

Adding Business Logic to Your Tokens - What Could Possibly Go Wrong

NDC Conferences via YouTube

Overview

Explore the potential pitfalls of adding business logic to tokens in this 48-minute conference talk from NDC Conferences. Learn about the differences between ID tokens and access tokens, and understand the risks associated with adding numerous claims related to business logic. Discover the limitations and security concerns that arise from overloading tokens with excessive information. Follow the journey of the "Lost Puppy Project" to gain insights into best practices for token management. Examine the process of creating an Identity Server, testing APIs, and handling token validation. Delve into practical issues such as cookie size limitations, Kong gateway constraints, and the challenges of undocumented endpoints. Gain valuable knowledge on balancing convenience and security when working with tokens in identity management systems.

Syllabus

Introduction
About Linda
Lost Puppy Project
Key Tips
Basic Access Token
What happened when I took over
Picking a token
Reading the RFC
Token Scopes
Creating an Identity Server
Testing API
What could possibly go wrong
Application ID
API
Security Token Validator
Cookies
Max cookie size
Cookie Chunky Manager
Kong has limits
Kong has a big head
We can't get rid of them
Kong error fix
Removing the token
Why was this a problem
Two minds
Undocumented endpoints
Time
Story
Why do we have 14-day access tokens
Recap
Love your puppy project
Lunch

Taught by

NDC Conferences
