Explore the challenges of authentication and authorization in distributed systems, microservices, and Web APIs through this comprehensive conference talk. Delve into the principles of OAuth2, OpenID Connect, and JSON Web Tokens (JWT) standards, and discover how they address auth* challenges in modern architectures. Learn about a clever solution using JBoss Keycloak, and gain insights into security tokens, authorization flows, refresh token flows, and JWT claims. Examine practical implementations with JavaScript and security APIs, and understand the ecosystem of managed services. Conclude with a Q&A session to solidify your understanding of Single Sign-On (SSO) for Web APIs.
Overview
Syllabus
Intro
Security
Token
Authorization Flow
Refresh Token Flow
OpenID Connect
JSON Web Tokens
JWT Claims
JWT Tokens
Conclusion
JavaScript
Security APIs
Ecosystem
Managed services
Key Clock
KeyClock
Code
Questions
Taught by
Devoxx
Related Courses
-
Introduction to OAuth2, OpenID Connect and JSON Web Tokens (JWT)
-
Effective Oauth2 with Spring Security and Spring Boot
-
API Security on Google Cloud's Apigee API Platform
-
Modern Authentication
-
OpenID Connect as SSO Solution - Strengths and Weaknesses
-
Three Profiles of OAuth2 for Identity and Access Management - 2016
