Description
The de facto standard for securing API access today is OAuth 2.0. Unfortunately, OAuth 2.0 is an extremely complex framework, with a large number of security considerations and gotchas. On top of that, current best practices have redefined how Angular applications are supposed to obtain and use access tokens.
In this workshop, we dive deep into OAuth 2.0. We start with an Angular application that uses custom form-based authentication to obtain a token. Throughout the workshop, we integrate OAuth 2.0 as the mechanism to obtain our access tokens. With those access tokens, we show how to securely access a set of APIs.
Additionally, we dive into real-world problems with OAuth 2.0. How do you handle an expired access token? Are you supposed to use refresh tokens (hint: you are not!)? And what are the benefits of the recent backend-for-frontend pattern? We answer all these questions, and more.
Everyone who is currently working with OAuth 2.0, or is considering it, should attend this workshop. The workshop strongly focuses on building a secure implementation following current best practices for security. No prerequisite knowledge of OAuth 2.0 is required.
Schedule
07:30 - 08:30
Continental breakfast buffet with the trainers
08:30 - 10:30
Introduction
Introduction to OAuth 2.0 and OpenID Connect
Implementing OAuth 2.0 in Angular
10:30 - 11:00
Break with coffees, teas, juices, fresh yoghurt and fruits
11:00 - 12:30
Access tokens and refresh tokens
Handling token expiration
Renewing access tokens in Angular
12:30 - 14:00
Lunch with fresh soup, salads, selections of cold and warm fish and meat dishes, dessert
14:00 - 15:30
The problem with tokens in the browser
Introducing the backend-for-frontend pattern
Implementing the backend-for-frontend pattern
15:30 - 16:00
Break with coffees, teas, juices, energizers and snacks
16:00 - 17:30
Overview of what we learned
A look at token handling in the backend
Q & A
Key takeaways
The purpose of OAuth 2.0
Current security best practices for OAuth 2.0
Security considerations for handling tokens in Angular applications
Handling expired tokens in Angular
The importance of the backend-for-frontend pattern
Trainers
Philippe De Ryck