Overview
Explore authentication as a microservice and portable customer identity management in this 38-minute conference talk. Learn about the advantages of a microservice architecture and its common pitfalls, including increased network chatter and a larger attack surface. Discover the basics of running authentication and authorization as a dedicated service, and how JWT revocation fits into that design. Gain insights into decoupling authentication, user management, and user data so that customer identity becomes portable. Understand the evolution of authentication methods from server-side sessions through tokenization to JSON Web Tokens. Delve into token mapping, signature verification (including what goes wrong when a verifier accepts the token's own "alg" header, such as unsigned tokens or an HMAC signature checked against an RSA public key), key rotation with key IDs, and refresh tokens. Learn how to harden your authentication system and implement revocation.
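The token handling the overview describes, written out as an added example that is not code from the talk or from OWASP: a small HMAC-only issuer and verifier that pins the algorithm to the key (so an "alg": "none" token or an algorithm-swapped token is rejected before any signature is checked), selects the key by "kid" so rotation keeps old tokens valid while unknown key IDs fail, keeps a server-side denylist of token IDs for revocation, and exchanges an opaque, single-use refresh token for a new access token. The key names, secrets, lifetimes and claim values are constructed for the example; the same alg-pinning check is what stops the RSA/HMAC confusion, which this stdlib-only code does not reproduce with real RSA keys.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed key set: the current key plus the previous one, kept so tokens
# signed before the rotation still verify. Each key is pinned to exactly one
# algorithm; the verifier never lets the token header pick the algorithm.
KEYS = {
    "2024-05": {"alg": "HS256", "secret": b"current-hmac-secret-of-32-bytes!!"},
    "2024-01": {"alg": "HS256", "secret": b"previous-hmac-secret-32-bytes!!!"},
}
CURRENT_KID = "2024-05"
ACCESS_TTL = 300            # short-lived access token lifetime in seconds (assumed)
REVOKED_JTI = set()         # server-side denylist of revoked access-token ids
REFRESH_STORE = {}          # opaque refresh token -> subject, held by the auth service


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_access_token(sub: str, now: float, kid: str = CURRENT_KID) -> str:
    key = KEYS[kid]
    header = {"typ": "JWT", "alg": key["alg"], "kid": kid}
    claims = {"sub": sub, "iat": int(now), "exp": int(now) + ACCESS_TTL,
              "jti": secrets.token_hex(8)}
    signing_input = _json_b64(header) + "." + _json_b64(claims)
    sig = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_access_token(token: str, now: float) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    # Key is selected by kid; a retired or never-issued kid is rejected outright.
    key = KEYS.get(header.get("kid"))
    if key is None:
        raise ValueError("unknown kid")
    # The algorithm belongs to the key, not the token. This single comparison
    # rejects "none" and any algorithm the key was not issued for.
    if header.get("alg") != key["alg"]:
        raise ValueError("alg mismatch")
    expected = hmac.new(key["secret"], (parts[0] + "." + parts[1]).encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims["jti"] in REVOKED_JTI:   # revocation is a server-side lookup
        raise ValueError("revoked")
    return claims


def revoke_access_token(token: str) -> None:
    # Denylist the token id; entries only need to live until the token expires.
    REVOKED_JTI.add(json.loads(b64url_decode(token.split(".")[1]))["jti"])


def issue_refresh_token(sub: str) -> str:
    refresh_token = secrets.token_urlsafe(32)   # opaque; meaningless outside the auth service
    REFRESH_STORE[refresh_token] = sub
    return refresh_token


def refresh(refresh_token: str, now: float) -> tuple:
    # Exchange a refresh token for a new access token and rotate the refresh
    # token, so a stolen copy can be used at most once.
    sub = REFRESH_STORE.pop(refresh_token, None)
    if sub is None:
        raise ValueError("invalid refresh token")
    return issue_access_token(sub, now), issue_refresh_token(sub)


def forge_none_token(token: str, new_claims: dict) -> str:
    # What an attacker submits when a verifier trusts the header's alg field.
    header = json.loads(b64url_decode(token.split(".")[0]))
    header["alg"] = "none"
    return _json_b64(header) + "." + _json_b64(new_claims) + "."


def outcome(fn, *args) -> str:
    # Helper for exercising the verifier: "ok" or the rejection reason.
    try:
        fn(*args)
        return "ok"
    except ValueError as e:
        return str(e)


if __name__ == "__main__":
    now = time.time()
    tok = issue_access_token("alice", now)
    print(outcome(verify_access_token, tok, now))                      # ok
    forged = forge_none_token(tok, {"sub": "admin", "exp": 2**31, "jti": "x"})
    print(outcome(verify_access_token, forged, now))                   # alg mismatch
    revoke_access_token(tok)
    print(outcome(verify_access_token, tok, now))                      # revoked
```

In a real deployment the denylist and refresh-token store live in shared storage the auth service owns, and the verifier on each microservice only needs the public key set (here, because the example is HMAC, every verifier would hold the secret, which is exactly the coupling the talk's RSA section avoids).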
Syllabus
Introduction
How did we log into these apps
Cookies are secure
Why is this painful
The evolution
Tokenization
Token Mapping
JSON Web Token
Header and Body
Signature
Select Change
Show Code
No Signature
HMAC Hack
RSA Public Key
Verifying RSA Signature
Rotating Keys
Key ID
JSON
Hackproof Security
Refresh Tokens
Revocation
Auth to access tokens
Taught by
OWASP Foundation