Thursday Nov 1
12:00 –
12:50
Location: C 01

Introduction to OAuth 2.0 and OpenID Connect

Slides:


This video is available in the GOTO Play video app! Download it to enjoy offline access to our conference videos while on the move.

Available in Google Play Store or Available in Apple App Store




OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or an access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - its a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit in? How can I use OAuth in a secure fashion?

To add more confusion to this topic, OpenID Connect was build on top of OAuth 2.0. OpenID Connect has become an industry leading standard for user identification. It is used by many of the largest organizations on the web. When implemented properly, OpenID Connect can be a reliable and secure solution for user identification. When implemented improperly, OpenID Connect can leave a gaping whole in your infrastructure that leaks important capabilities to unwanted parties.

This talk with provide an introduction to both topics and what their intended use is really for.

security
oauth
openid connect
deploying security
Philippe De Ryck
Founder of Pragmatic Web Security, Google Developer Expert
Organized by