Building JavaScript and Mobile - Native Clients for Token-Based Architectures

Explore token-based authentication and access control for modern API-backed applications in this 58-minute conference talk by Brock Allen and Dominick Baier. Learn about requesting, managing, and using tokens for both browser-based and native clients. Discover the differences in approaches and protocol features for various client types. Gain insights into security protocols, discovery, authentication in JavaScript-based apps, token validation, user profiles, API calls, token management, and renewal. Examine native client scenarios, including web server-driven authentication, browser types, OpenID Connect Hybrid Flow, and access token handling. Benefit from the expertise of two client library authors as they share their experiences in building modern front-ends for token-based architectures.

Intro
The big Picture
Security Protocols (11)
Token-based Clients...
Modern/Pure JavaScript apps
No more cookies for security
Discovery
Authentication in JS-based apps
Validating id tokens
More identity data with user profile
Using access token to call user profile
Calling other web APIs
Token management
Renewing tokens
Native Clients
Using a web server for driving the authentication workflow
Browser types
OpenID Connect Hybrid Flow
Requesting the access token
Refreshing an Access Token