Explore modern authentication approaches in this comprehensive conference talk. Unravel key concepts such as OAuth, OpenID Connect, claims, tokens, and two- and three-legged authentication. Gain insights into the current landscape of distributed applications and services, and understand the importance of modern identity approaches in accessing protected resources without sharing passwords. Learn about basic authentication methods, delve into OAuth overview, and grasp the significance of tokens and claims. Compare two- and three-legged authentication processes, and witness a practical demonstration using IdentityServer 3. Discover the fundamentals of claims-based authentication, various token formats including SAML 2.0 and JSON Web Tokens (JWTs), and different authentication protocols. Examine interactive flows like authorization code, implicit, client credentials, and resource-owner credentials. By the end of this talk, acquire the knowledge to implement modern authentication techniques in your own projects.
Overview
Syllabus
Intro
Traditional application
Modern application
Identity vs Authn vs Authz
Claims-based auth
Terminology
Tokens (vs Passwords)
Token formats
SAML 2.0 Tokens
JSON Web Tokens (JWTS)
Auth protocols
Basic Flow
WS Federation
Fundamentals
Standard scopes
OpenID Connect JWT payload
Endpoints
Authorization Endpoint
Token Endpoint An example
Interactive flows
Authorization code flow (3-legged OAuth)
Token Endpoint Authorization code
Implicit flow (2-legged OAuth)
Client credentials flow (server-to-server calls)
Resource-owner credentials flow (Password flow)
Implementation
Taught by
NDC Conferences
