Explore best practices for building clients using OpenID Connect and OAuth 2 protocols in this comprehensive 57-minute conference talk. Delve into the complexities of authentication and API access, learning how to simplify front-end development while addressing challenges such as selecting appropriate protocol flows, secure token storage, and token lifetime management. Gain insights into implementing client credentials flow, authorization code flow, and hybrid flow for various client types, including native, server-side, client-side, and browser-based applications. Discover the pros and cons of different approaches, understand anti-patterns to avoid, and learn about modern solutions like AppAuth and the "BFF" architecture. Master token management techniques for JavaScript applications and stay up-to-date with the latest developments in browser security, such as SameSite cookies.
Building Clients for OpenID Connect - OAuth 2-based Systems
Overview
Syllabus
Intro
Objectives
It's complicated!
Client Credentials Flow
Use Token
Front-Channel: Authorization Code Flow Request
Back-Channel: Retrieving Tokens
Issues with Code Flow
Hybrid Flow Request
Hybrid Flow Response
Issues with Hybrid Flow
Public Clients
Native/Mobile Applications
Anti Pattern: Resource Owner Password Flow
Using a browser for driving the authentication workflow (aka AppAuth)
Requesting the access token
Client Libraries
Browser-based Clients (aka SPAS)
History (1)
Implicit Flow Request
Problems with Implicit Flow
Token Management for JS Apps
Java Script Client Library
The new kid on the block: SameSite Cookies
"BFF" Architecture
Taught by
NDC Conferences
Related Courses
-
Building Clients for OpenID Connect - OAuth 2-based Systems
-
Building Clients for OpenID Connect - OAuth 2-based Systems
-
Building Clients for OpenID Connect - OAuth 2-based Systems
-
OpenID Connect & OAuth 2.0 - Security Best Practices
-
OpenID Connect & OAuth 2.0 - Security Best Practices
-
Building JavaScript and Mobile - Native Clients for Token-Based Architectures
