OAuth2 on a National Level - How to Secure Extremely Sensitive APIs

Explore the intricacies of securing highly sensitive APIs on a national scale in this comprehensive talk from NDC Conferences. Delve into the HelseID OAuth-based token service, a crucial component in Norway's health sector for sharing sensitive health information across systems and organizations. Learn about the stringent security requirements that surpass baseline OAuth standards and discover the custom security profile developed for HelseID. Examine the justifications behind these security choices and gain insights into future developments. Cover topics such as OAuth 2.1, FAPI 2.0 security profile, standard web security practices, confidential clients, keypair usage, strict signing algorithm requirements, and the importance of using libraries and conducting code reviews. Understand the challenges and solutions involved in implementing OAuth2 at a national level for extremely sensitive data protection.