Description

The de facto standard for securing API access today is OAuth 2.0. Unfortunately, OAuth 2.0 is an extremely complex framework, with a large number of security considerations and gotcha’s. On top of that, current best practices have redefined how Angular applications are supposed to obtain and use access tokens.

In this workshop, we dive deep into OAuth 2.0. We start with an Angular application that uses custom form-based authentication to obtain a token. Throughout the workshop, we integrate OAuth 2.0 as the mechanism to obtain our access tokens. With those access tokens, we show how to securely access a set of APIs.

Additionally, we dive into real-world problems with OAuth 2.0. How do you handle an expired access token? Are you supposed to use refresh token (hint: you are not!)? And what are the benefits of the recent backend-for-frontend pattern? We answer all these questions, and more.

Everyone who is currently working with OAuth 2.0, or is considering it, should attend this workshop. The workshop strongly focuses on building a secure implementing following current best practices for security. No prerequisite knowledge of OAuth 2.0 is required.