Authentication with OpenID Connect in Angular applications
User authentication has become so complex that developers should not touch it anymore. Anyone building a modern application should consider using an identity provider that handles authentication. However, doing so requires the use of OpenID Connect (OIDC), which brings its own complexity.
In this talk, we look at securely implementing OIDC in an Angular application. We investigate which flow to use in which scenario. We look at the security properties in OpenID Connect, and how to ensure your application respects them. In the end, you will walk away with practical advice on implementing authentication with OIDC in Angular.
Do not build custom authentication mechanisms
Delegate authentication with OpenID Connect
Use the right OIDC flow for your application
Use a proper library to integrate OIDC
Remember that the devil is always in the details
Philippe De Ryck helps developers protect companies through better web security. As the founder of Pragmatic Web Security, he travels the world to train developers on web security and security engineering. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. Google recognizes Philippe as a Google Developer Expert for his work on security in Angular applications.