Authentication as a Microservice - Portable Customer Identity Management
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore authentication as a microservice and portable customer identity management in this 38-minute conference talk. Learn about the advantages of microservice architecture and common pitfalls, including increased network chatter and security issues. Discover the basics of authentication and authorization as a microservice, as well as JWT revocation. Gain insights into decoupling authentication, user management, and user data for a portable identity model. Understand the evolution of authentication methods, tokenization, and JSON Web Tokens. Delve into topics such as token mapping, signature verification, key rotation, and refresh tokens. Acquire knowledge on securing your authentication system and implementing revocation mechanisms.
Syllabus
Introduction
How did we log into these apps
Cookies are secure
Why is this painful
The evolution
Tokenization
Token Mapping
JSON Web Token
Header and Body
Signature
Select Change
Show Code
No Signature
HMAC Hack
RSA Public Key
Verifying RSA Signature
Rotating Keys
Key ID
JSON
Hackproof Security
Refresh Tokens
Revocation
Auth to access tokens
Taught by
OWASP Foundation
Related Courses
Server-side Development with NodeJS (The Hong Kong University of Science and Technology via Coursera)
API Security on Google Cloud's Apigee API Platform (Google Cloud via Coursera)
Authentication and Authorization using Node.js (Microsoft via edX)
Legacy - Node: De cero a experto (Udemy)
Effective Oauth2 with Spring Security and Spring Boot (Pluralsight)