Everything You Ever Wanted to Know About OAuth and OIDC
Aaron Parecki, Okta
In this session, Aaron Parecki, author of OAuth 2.0 Simplified and co-editor of the in-progress OAuth 2.1 spec, will cover the basics of the OAuth and OpenID Connect protocols. You’ll learn about when you’d want to use OAuth or OpenID Connect (or both!), when to use each of the grant types, and how to use OAuth and OpenID Connect securely from mobile applications. Aaron also covers the latest best practices around OAuth security currently in development by the group. You'll also learn about the upcoming OAuth 2.1 update and what it means for you and your applications. You'll learn how to use JWT access tokens and the tradeoffs that come with them, how to design scopes that allow granular access to various parts of your backend services, and how to design a microservices architecture protected by OAuth at a gateway.
A Developer's Guide to SAML
Nick Gamb, Okta
SAML is one of the most widely used identity security standards in the industry today, yet can seem daunting to support. This is especially true for developers being asked to support SAML for the first time. The age of SAML, combined with its numerous revisions over the years, makes it difficult to learn and use, not to mention the complexities of SAML being used in slightly different and nuanced ways in different applications. In this talk, you'll learn all about the SAML protocol, how it works, and how to use it in a modern application. You'll also learn what pitfalls to look out for and how to resolve them.
A Developer's Guide to SCIM
Joël Franusic, Okta
SCIM (pronounced "skim") is a well-designed standard that defines a RESTful API for managing users. Every cloud service that has businesses as customers will eventually need to write an API that allows their customers to manage user accounts. Before SCIM, every service implemented this type of API in a slightly different way, which made interoperability difficult. In this software developer-focused talk, you'll learn why you should never write your own user management API again and use SCIM instead. You'll also learn what you'll need to consider before implementing SCIM and see a live-coded demonstration implementing a SCIM server in Python.
JSON Web Tokens, Macaroons, and PASETOs, Oh My!
Brian Demers, Okta
Security tokens such as JWTs are now commonplace in developer guides and documentation. They are a key part of securing mobile and web applications. Why is this? What benefits do they provide? How should you use them in your applications? In this talk, you'll learn what security tokens are, how to use them, and how to abuse them. >:) Along the way, you'll learn the differences between the three most popular types of security tokens: JWTs, Macaroons, and PASETO, and when to use (and not use!) them.
Building an Auth Experience for Humans
Heather Downing, Okta
In this talk, you will discover how to design secure (and friendly) user experiences when developing your software applications. We will cover best practices in the industry that make an authentication experience easier for users to accept, what things to avoid, and how humans think about security, in general, to make your app a 10 out of 10.
Everything You Want to Know About WebAuthn
Kelley Robinson, Twilio
Authentication is a sneaky problem - the most secure options don't usually have widespread adoption, especially among consumer applications. But what if we could fix that? Narrator: we can.
WebAuthn is a somewhat new authentication standard that uses our everyday devices like phones and computers and turns them into phishing-resistant security keys. It almost sounds too good to be true. This talk will dig into how the technology works, when you can and should use it, and how to get started. We'll dig into why this isn't widely adopted yet and if or when we can expect it to be. You'll walk away with a better understanding of a new authentication channel and possibly some hope for a more secure future.
The New Developer Experience at Okta
Bharat Bhat, Okta
John Pritchard, Okta
Albert Chen, Okta
Jeff Taylor, Okta
In this demo-heavy session, we will introduce the New Developer Edition and explore how Okta has made it easier for all developers to secure apps, protect APIs, and plug into DevOps automation. Join us as we show you the next generation of Auth tooling.
Thanks for attending Oktane21!