API development is fun! Everyone is doing it, from large organisations wanting to provide developer access to their systems, to small websites wanting to push web application business logic to the browser. Password security is boring. It’s also harder than you’d think. The number of reported system breeches is on the increase, with big names being hit by hackers. And when it comes to service oriented architecture, you have to secure multiple services. That’s just tedious. There are a number of solutions, but few that let you pretty much forget about security and access control.
In this talk and demo, Ben will show how implementing an identity provider and using OAuth and OpenID Connect can allow you to ramp up your prototypes and MVPs with more ease and to concentrate on the core purpose of the APIs, rather than the layers of security that are a must in today’s digital world. Three takeaways: 1. You will gain an understanding of OAuth and Open ID Connect to authenticate and authorize a user. 2. You will learn about the use of claims and scopes to control access to certain features of a system. 3. You will see a live demo of how to integrate Auth0 with a common API platform.