Overview
Syllabus
Intro
Objectives
It's complicated!
Client Credentials Flow
Use Token
Front-Channel: Authorization Code Flow Request
Back-Channel: Retrieving Tokens
Issues with Code Flow
Hybrid Flow Request
Hybrid Flow Response
Issues with Hybrid Flow
Public Clients
Native/Mobile Applications
Anti-Pattern: Resource Owner Password Flow
Using a browser for driving the authentication workflow (aka AppAuth)
Requesting the access token
Client Libraries
Browser-based Clients (aka SPAs)
History (1)
Implicit Flow Request
Problems with Implicit Flow
Token Management for JS Apps
JavaScript Client Library
The new kid on the block: SameSite Cookies
"BFF" Architecture
Taught by
NDC Conferences