Secure API access with OAuth 2.0 in Angular

  • Holiday Inn Gent Expo, Maaltekouter 3, 9051 Gent, Belgium

Description

The de facto standard for securing API access today is OAuth 2.0. Unfortunately, OAuth 2.0 is an extremely complex framework, with a large number of security considerations and gotchas. On top of that, current best practices have redefined how Angular applications are supposed to obtain and use access tokens.

In this workshop, we dive deep into OAuth 2.0. We start with an Angular application that uses custom form-based authentication to obtain a token. Throughout the workshop, we integrate OAuth 2.0 as the mechanism to obtain our access tokens. With those access tokens, we show how to securely access a set of APIs.

Additionally, we dive into real-world problems with OAuth 2.0. How do you handle an expired access token? Are you supposed to use refresh tokens (hint: you are not!)? And what are the benefits of the recent backend-for-frontend pattern? We answer all these questions, and more.

Everyone who is currently working with OAuth 2.0, or is considering it, should attend this workshop. The workshop strongly focuses on building a secure implementation that follows current security best practices. No prerequisite knowledge of OAuth 2.0 is required.

Schedule

07:30 - 08:30

  • Continental breakfast buffet with the trainers

08:30 - 10:30

  • Introduction

  • Introduction to OAuth 2.0 and OpenID Connect

  • Implementing OAuth 2.0 in Angular

10:30 - 11:00

  • Break with coffees, teas, juices, fresh yoghurt and fruits

11:00 - 12:30

  • Access tokens and refresh tokens

  • Handling token expiration

  • Renewing access tokens in Angular

12:30 - 14:00

  • Lunch with fresh soup, salads, selections of cold and warm fish and meat dishes, dessert

14:00 - 15:30

  • The problem with tokens in the browser

  • Introducing the backend-for-frontend pattern

  • Implementing the backend-for-frontend pattern

15:30 - 16:00

  • Break with coffees, teas, juices, energizers and snacks

16:00 - 17:30

  • Overview of what we learned

  • A look at token handling in the backend

  • Q & A

Key takeaways

  • The purpose of OAuth 2.0

  • Current security best practices for OAuth 2.0

  • Security considerations for handling tokens in Angular applications

  • Handling expired tokens in Angular

  • The importance of the backend-for-frontend pattern

Trainers

Pragmatic Web Security

Philippe De Ryck

