Implementing OpenID Connect and OAuth 2.0 – Tips from the Trenches

Explore common patterns and challenges in implementing OpenID Connect and OAuth 2.0 for modern application architectures in this comprehensive conference talk. Gain insights into designing token-based systems, selecting appropriate protocol flows, and addressing key considerations such as resource and token design, client integration, session management, and revocation. Learn about identity tokens, access tokens, and the differences between self-contained and reference tokens. Discover practical tips for navigating authentication and authorization in microservices and cloud-native applications, and understand how to effectively implement these protocols to enable secure and scalable identity and access control solutions.

Introduction
Agenda
Common requirements
Architecture diagram
Application types
Questions to ask
What are clients
What are resources
First iteration
Identity
External Systems
Protocol Flows
Identity Token
Session Management
Resource Access
Keep it Simple
Access Tokens
Access Token Revocation
Selfcontained vs reference tokens
Summary