Knock knock, who’s there? Authenticating your single page apps using JSON Web Tokens

When it comes to writing code, there’s nothing we take more seriously than authentication and security. Modern single page applications bring along new challenges. By using solutions like the OpenID Connect protocol and JSON Web Tokens we can improve the user experience when authenticating with your apps, providing a seamless authentication process. In this talk I will try to explain in depth the way JSON Web Tokens work and how they can be used to secure your single page apps. I will explain the difference between using opaque tokens and JWTs. The talk will also give an overview of a modern authentication flow and a step-by-step breakdown of how it works exactly.

Resources mentioned in this session:

– A JWT debugger, more info and a list of libraries that help you deal with them: https://jwt.io
– JWT handbook: https://auth0.com/resources/ebooks/jwt-handbook
– Link to the slides: https://jwt.sambego.tech
– IANA Public claims: https://www.iana.org/assignments/jwt/jwt.xhtml#claims
– More info on the IETF decision to recommend the PKCE OAuth flow over the Implicit flow: https://auth0.com/blog/oauth2-implicit-grant-and-spa/ https://tools.ietf.org/html/draft-ietf-oauth-security-topics-11
– A draft for a JWT access token standard: https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/?include_text=1

Sam Bellen

I’m a Google Developer Expert who works as a Developer Evangelist at Auth0. At Auth0 we’re trying to make authentication and identification as easy as possible, while still keeping it secure. After office hours I like to play around with the web-audio API, and other “exotic” browser APIs. One of my side projects is a library to add audio effects to an audio input using JavaScript. When I’m not behind a computer, you can find me playing the guitar, having a beer at a concert, or trying to snap the next perfect picture.

Sam Bellen, Twitter
