When it comes to writing code, there’s nothing we take more seriously than authentication and security. Modern single page applications bring new challenges. By using solutions like the OpenID Connect protocol and JSON Web Tokens, we can improve the user experience when authenticating with your apps and provide a seamless authentication process. In this talk I will explain in depth how JSON Web Tokens work and how they can be used to secure your single page apps. I will explain the difference between using opaque tokens and JWTs. The talk will also give an overview of a modern authentication flow and a step-by-step breakdown of exactly how it works.
Resources:
- A JWT debugger, more info and a list of libraries that help you deal with them: https://jwt.io
- JWT handbook: https://auth0.com/resources/ebooks/jwt-handbook
- IANA Public claims: https://www.iana.org/assignments/jwt/jwt.xhtml#claims
- More info on the IETF decision to recommend the PKCE OAuth flow over the Implicit flow: https://auth0.com/blog/oauth2-implicit-grant-and-spa/ and https://tools.ietf.org/html/draft-ietf-oauth-security-topics-11
- A draft for a JWT access token standard
- Slides for this presentation