I like to remember the places I have been and I always liked the idea of having a map of those places, so as any developer would do, I built a web application for that.
In this talk, we will see how you can use Python and Auth0 together to build your very own "Where Have I Been" map! I will walk you through all the steps we will need starting from scratch. From building the first API endpoints, protecting the endpoints that create new markers, all the data manipulation, and even deployment!
Auth for IOT: Securing Your Smart Home
Heather Downing, Principal Developer Advocate, Okta
Have you moved into a new house and want to automate *all the things*? Sounds pretty cool, right? Just one tiny concern: how secure is it to use "smart home" devices? Should you create your own software to control your blinds? What about hacking your cameras? The world of IoT (Internet of Things) has so many options to choose from but very little guidance about how secure they are, and how you as a developer can prevent unauthorized access. In this session, we will go over what you can do with existing platforms like Alexa and roll your own DIY projects to lock down who can use them - YOU.
OAuth: Past, Present, and Future
Aaron Parecki, Security Architect Group Manager, Okta
Vittorio Bertocci, Principal Architect, Auth0
OAuth is the foundation of most of modern online security, used everywhere from signing in to mobile apps to protecting your bank accounts. Despite its ubiquity, there are still many misconceptions about OAuth and OpenID Connect in the wild.
In this session you'll learn about the background and original motivations that drove the creation of OAuth, how OAuth and OpenID Connect are used today to provide secure online experiences, as well as the latest developments and future work within the OAuth and OpenID Connect communities.
This session will cover the many new RFCs that have been published since the original draft of OAuth 2.0, which both add and remove functionality from the core spec. These include OAuth 2.0 for Native Apps, Proof Key for Code Exchange, OAuth 2.0 Security Best Current Practice, as well as some in-progress and experimental drafts such as JWT Access Tokens, Rich Authorization Requests, and various Proof of Possession techniques. This session will cover the current status of this ongoing work and what you need to know to be prepared for the future.
Authenticating Your Next(js) Jamstack App with Auth0
Kapehe, Developer Relations, Sanity.io
The recently released Auth0 Next.js SDK makes authenticating Next.js apps quick and seamless. We'll go through setting up the SDK to authenticate and protect your routes. Everything is online now so it's important to keep your application safe, secure, and up-to-date on authentication standards. Let me show you how.
Inclusive Digital Identity and Web Monetization for Earning Online
Uchi Uchibeke, Director of Developer Relations, Coil
Digital IDs controlled by the users enable users to seamlessly onboard to any web app or platform. With Web Monetization, users can earn freely and spend freely from their digital Identity connected wallets. This talk will highlight two open standards, the Verifiable Credential Standard and the Web Monetization Standard, and show how developers can build with them today.
Seamlessly Integrate Identity Into Your APIs with Okta and Kong
Bharat Bhat, Marketing Lead, Developer Relations, Okta
Vik Gamov, Principal Developer Advocate, Kong
Mike Bilodeau, Product Marketing, Corp Dev, Kong
Learn how to implement powerful new authentication and authorization scenarios with Kong and Okta. In this demo-heavy session, we will show you how to do sophisticated API access and API management flows with OIDC and OAuth - including how to plug Identity into your CI/CD pipelines.
Shift-Left DevOps for Your APIs with Okta and JFrog
Jeff Taylor, Senior Product Manager, Developer Experience, Okta
Jeff Fry, Senior Technical Alliances Manager, JFrog
With Okta and JFrog, strengthen your shift-left DevSecOps strategy by validating the security of your application’s REST API endpoints before you release to production and to your customers. Learn how you can use Okta and JFrog to automate the validation of your authentication and authorization policies for your REST APIs.
OAuth for Game and XR Developers
Nick Gamb, Senior Developer Advocate, Okta
Gaming and XR technology represent a wild west for identity security. The industry itself is one of the most highly targeted and breach-prone in all of tech, yet security is commonly prioritized last. Often user experience is emphasised over security, and best practice standards are not always a perfect fit for some target platforms such as consoles or headsets. With constantly increasing demand for interconnected experiences in gaming, growing reliance on cloud-based backend solutions, and the increased collection of player data occurring as players become the product, security has become paramount for game developers. In this talk, we will deep dive into how game and XR developers can balance experience and security using the security best practice standard OAuth. We will discuss the basics of OAuth, designing experiences for different target platforms, and using a player's authorization to interact with other cloud-based backend solutions. This session is intended for game/XR developers, or developers who are interested in game/XR development, and assumes a basic level of development knowledge with related engines and tech. Existing experience with identity security best practices and OAuth is not required.
There are a number of grant types defined by OAuth, but some are more secure than others. In this talk, we’ll go over how you can add more security to your applications using PKCE. You’ll learn how this builds off of the Authorization Code grant type and we’ll go through a live demo of implementing PKCE in an application.
Closing Keynote with Cassidy Williams
Cassidy Williams, Startup advisor, Investor, Meme-creator, and Engineer, Netlify
Join us for an exciting afternoon keynote to close out our first annual Developer Day with Cassidy Williams.