- OpenAPI
- Authentication
- oAuth
- Security
- JWT
Not your Uncle's Auth - OAuth2.1 and Other Updates in Securing Your API
OAuth 2.0 and adjacent technologies, such as the JWT format, have been been extraordinarily successful in providing a viable mechanism for authorizing API calls in a wide variety of scenarios. The lax nature of the specification, however, left a lot as exercise for the reader- which resulted in many insecure and non interoperable deployments. The standard group worked to fill the gaps by releasing a sequence of addendum to the core spec, fleshing out new scenarios (native clients, SPAs), security recommendations and more, making it very hard for implementers to keep up with what's really needed to develop secure solutions. OAuth 2.1 is a proposed update to the core spec that incorporates back the most salient new guidance; together with new important updates, such as a profile detailing how to use JWT tokens in OAuth in interoperable fashion, it represents a new breed of guidance that will streamline your API security strategy. Come to this session to learn about those changes and how you can take advantage of them in your solution!