YoVDO

Adding Business Logic to Your Tokens - What Could Possibly Go Wrong

Offered By: NDC Conferences via YouTube

Tags

NDC Conferences Courses, Token-Based Authentication Courses, Claims Management Courses, API Testing Courses, Access Tokens Courses

Course Description

Overview

Explore the potential pitfalls of adding business logic to tokens in this 48-minute conference talk from NDC Conferences. Learn about the differences between ID tokens and access tokens, and understand the risks associated with adding numerous claims related to business logic. Discover the limitations and security concerns that arise from overloading tokens with excessive information. Follow the journey of the "Lost Puppy Project" to gain insights into best practices for token management. Examine the process of creating an Identity Server, testing APIs, and handling token validation. Delve into practical issues such as cookie size limitations, Kong gateway constraints, and the challenges of undocumented endpoints. Gain valuable knowledge on balancing convenience and security when working with tokens in identity management systems.

Syllabus

Introduction
About Linda
Lost Puppy Project
Key Tips
Basic Access Token
What happened when I took over
Picking a token
Reading the RFC
Token Scopes
Creating an Identity Server
Testing API
What could possibly go wrong
Application ID
API
Security Token Validator
Cookies
Max cookie size
Cookie Chunky Manager
Kong has limits
Kong has a big head
We can't get rid of them
Kong error fix
Removing the token
Why was this a problem
Two minds
Undocumented endpoints
Time
Story
Why do we have 14-day access tokens
Recap
Love your puppy project
Lunch


Taught by

NDC Conferences

Related Courses

Tokenisation and Encryption in Digital Payments, FinTech
Udemy
APIs Exposed
NDC Conferences via YouTube
ASP.NET Core 3 - IdentityServer4 - Implementing Sign-in Redirect with OIDC-Client.js - Episode 15
Raw Coding via YouTube
ASP.NET Core 3 - OAuth Client Implementation - Episode 6
Raw Coding via YouTube
ASP.NET Core 3 - OAuth - Securing the API - Episode 7
Raw Coding via YouTube