Building Clients for OpenID Connect - OAuth 2-based Systems

Explore best practices for building clients that utilize OpenID Connect and OAuth 2 protocols in this comprehensive conference talk. Dive into the complexities of authentication and API access, learning how to simplify front-end development while addressing challenges such as selecting appropriate protocol flows, secure token storage, and token lifetime management. Gain insights on implementing solutions for native server applications, client-side applications, browser-based applications, and Single Page Applications (SPAs). Discover the intricacies of various flows including Client Credentials, Authorization Code, Hybrid, and Implicit, as well as their potential issues. Examine anti-patterns, explore the use of client libraries, and understand the implications of Same Site Cookies and "Backend for Frontend" (BFF) architecture. Leave equipped with knowledge to make informed decisions when building secure and efficient clients for OpenID Connect and OAuth 2-based systems.