Explore authentication as a microservice and portable customer identity management in this 38-minute conference talk. Learn about the advantages of microservice architecture and common pitfalls, including increased network chatter and security issues. Discover the basics of authentication and authorization as a microservice, as well as JWT revocation. Gain insights into decoupling authentication, user management, and user data for a portable identity model. Understand the evolution of authentication methods, tokenization, and JSON Web Tokens. Delve into topics such as token mapping, signature verification, key rotation, and refresh tokens. Acquire knowledge on securing your authentication system and implementing revocation mechanisms.
Authentication as a Microservice - Portable Customer Identity Management
Overview
Syllabus
Introduction
How did we log into these apps
Cookies are secure
Why is this painful
The evolution
Tokenization
Token Mapping
JSON Web Token
Header and Body
Signature
Select Change
Show Code
No Signature
HMAC Hack
RSA Public Key
Verifying RSA Signature
Rotating Keys
Key ID
JSON
Hackproof Security
Refresh Tokens
Revocation
Auth to access tokens
Taught by
OWASP Foundation
