Overview
Explore token-based authentication and access control for modern API-backed applications in this 58-minute conference talk by Brock Allen and Dominick Baier. Learn how to request, manage, and use tokens from both browser-based and native clients, and how the suitable approaches and protocol features differ by client type. The JavaScript portion covers the security protocols involved, discovery, authentication in JavaScript-based apps, ID token validation, retrieving user profile data, calling web APIs with an access token, token management, and renewal. The native-client portion covers driving the authentication workflow through a web server, browser types, the OpenID Connect Hybrid Flow, and requesting and refreshing access tokens. Benefit from the experience of two client library authors who have built modern front-ends for token-based architectures.
Syllabus
Intro
The big Picture
Security Protocols
Token-based Clients...
Modern/Pure JavaScript apps
No more cookies for security
Discovery
Authentication in JS-based apps
Validating ID tokens
More identity data with user profile
Using the access token to call the user profile endpoint
Calling other web APIs
Token management
Renewing tokens
Native Clients
Using a web server for driving the authentication workflow
Browser types
OpenID Connect Hybrid Flow
Requesting the access token
Refreshing an Access Token
Taught by
NDC Conferences