OAuth2: The Swiss-Army Framework
OAuth2 is the predominant standard for web authorization. While OAuth1 is a protocol, OAuth2 is an authorization framework. Why the distinction? OAuth2 is used by Google, Facebook, Adobe, Salesforce, GitHub, and many more, for everything from web and mobile authentication to backend service calls. This session will focus on the myriad ways OAuth2 can be used to protect APIs, and how companies are implementing OAuth2 in the real world. We will cover the basics of the specification and its core components. We will learn about grant types and when to use each one. We will discuss the ways the framework is being extended with technologies like JWT and JWT Bearer. We will cover OpenID Connect, and how it is used instead of SAML to handle SSO and federated logins. Finally, we will discuss how OAuth2 continues to evolve going forward. You will leave with a sound understanding of the specification that secures many of today's web services.
Presenters
Brent Shaffer
Software Engineer
Adobe Systems Inc
Brent Shaffer is a musician-turned-software-engineer who sometimes has trouble accepting his true nerdy self. He enjoys running, rock climbing, backpacking, mountaineering, brewing beer, fantasy no...