Implementing Microservices Security Patterns & Protocols

Explore a comprehensive conference talk on implementing microservices security patterns and protocols using industry-standard technologies and Spring Security 5.1. Delve into essential concepts such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, and TLS, learning how to combine these standards for robust microservices security. Gain practical insights through alternating explanations and code walkthroughs, covering topics like Web SSO Login, OAuth2 resource servers, edge service gateways, token exchange and relay in microservice call chains, and integration with OpenID Connect/OAuth2 servers. Suitable for developers comfortable with Java and web development, this talk provides a holistic view of securing microservices, even without prior security experience.

Introduction
Audience Survey
OpenID Connect Server
Configuring the Client
Configuring the Application
Demo
Hands Up
Go Under the Hood
JSON What Algorithm
IANA Registry
Why use IANA Registry
JSON Web Key
JSON Web Signature
Verifying JSON Web Signature
Web Encryption
JSON Web Token
OAuth
OAuth Concepts
Client Credentials
Implicit Grant
Authorization Code Grant
Access Token
Open ID Connect