Don't Lose Sleep, Secure Your REST

PHP UK Conference via YouTube

Overview

Learn how to secure your REST API using proven standards implemented by OAuth 2.0 and OpenID Connect in this PHP UK Conference talk. Explore JSON Object Signing and Encryption (JOSE) as the core of a secure standards-based REST API. Discover the components of JOSE, including JSON Web Token (JWT), JSON Web Signature (JWS), and JSON Web Encryption (JWE). Understand key concepts such as cryptography, hierarchical authentication, key rotation, request authorization, and response validation. Gain insights into implementing private claims, timestamp and duration checks, and encrypted data with JWE. Follow along with practical examples of JWT headers, request representations, and response claims to enhance your API security knowledge.

Syllabus

Intro
Auth and Crypto Was Messy
Why Was It A Big Deal?
Cryptography
The Bad — Usability
What Was Missing
What Changed?
The Good — Decoupling
The Good — OSS Libraries
The Good — Hierarchical Auth
What is JOSE?
JSON Web Token (JWT)
JSON Web Signature (JWS)
JSON Web Encryption (JWE)
JSON Web Algorithm
JSON Web Key
Request Example Representation
JWT Header Example
Key Rotation
Request Authorization
Private Request Claims
Hierarchical Credentials
Timestamp and Duration
Request Validation
Private Response Claims
Response Example Representation
JWT Response Claims Example
Response Validation
Encrypted Data with JWE
JWE Header Example
Conclusion
If You Want To Follow Up

Taught by

PHP UK Conference
