Knock knock, who's there? Authenticating your single page apps using JSON Web Tokens

When it comes to writing code, there’s nothing we take more seriously than authentication and security. Modern single page applications bring along new challenges. By using solutions like the OpenID Connect protocol and JSON Web Tokens we can improve the user experience when authenticating with your apps, providing a seamless authentication process. In this talk I will try to explain in depth the way JSON Web Tokens work and can be used to secure your single page apps. I will explain the difference between using opaque tokens and JWTs. The talk will also give an overview of a modern authentication flow and a step by step breakdown of how it works exactly.


Resources mentioned in this session:

- A JWT debugger, more info and a list of libraries that help you deal with them: https://jwt.io
- JWT handbook: https://auth0.com/resources/ebooks/jwt-handbook
- Link to the slides: https://jwt.sambego.tech
- IANA Public claims: https://www.iana.org/assignments/jwt/jwt.xhtml#claims
- More info on the IETF decision to recommend the PKCE OAuth flow over the Implicit flow: https://auth0.com/blog/oauth2-implicit-grant-and-spa/ and https://tools.ietf.org/html/draft-ietf-oauth-security-topics-11
- A draft for a JWT access token standard: https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/?include_text=1


Sam Bellen

I'm a Google Developer Expert who works as a Developer Evangelist at Auth0. At Auth0 we're trying to make authentication and identification as easy as possible, while still keeping it secure. After office hours I like to play around with the web-audio API, and other "exotic" browser APIs. One of my side projects is a library to add audio effects to an audio input using JavaScript. When I'm not behind a computer, you can find me playing the guitar, having a beer at a concert, or trying to snap the next perfect picture.


Find Sam on twitter

MyDevSecOps ©2020 POWERED BY SNYK

The MyDevSecOps community is powered by Snyk Ltd. Our aim is to create a vendor-neutral space to share knowledge and best practices related to software security.
