Developer

Aaron Parecki, Okta

In this session, Aaron Parecki, author of OAuth 2.0 Simplified and co-editor of the in-progress OAuth 2.1 spec, will cover the basics of the OAuth and OpenID Connect protocols. You’ll learn about when you’d want to use OAuth or OpenID Connect (or both!), when to use each of the grant types, and how to use OAuth and OpenID Connect securely from mobile applications. Aaron also covers the latest best practices around OAuth security currently in development by the group.  You'll also learn about the upcoming OAuth 2.1 update and what it means for you and your applications. You'll learn how to use JWT access tokens and the tradeoffs that come with them, how to design scopes that allow granular access to various parts of your backend services, and how to design a microservices architecture protected by OAuth at a gateway.

Nick Gamb, Okta

SAML is one of the most widely used identity security standards in the industry today, yet can seem daunting to support. This is especially true for developers being asked to support SAML for the first time.  The age of SAML combined with its numerous revisions over the years makes it difficult to learn and use. Not to mention the complexities of SAML being used in slightly different and nuanced ways in different applications.  In this talk, you'll learn all about the SAML protocol, how it works, and how to use it in a modern application. You'll also learn what pitfalls to look out for and how to resolve them.

Joël Franusic, Okta

SCIM (pronounced "skim") is a well-designed standard that defines a RESTful API for managing users. Every cloud service that has businesses as customers will eventually need to write an API that allows their customers to manage user accounts. Before SCIM, every service implemented this type of API in a slightly different way, which made interoperability difficult.  In this software developer-focused talk, you'll learn why you should never write your own user management API again and use SCIM instead. You'll also learn what you'll need to consider before implementing SCIM and see a live-coded demonstration implementing a SCIM server in Python.

Heather Downing, Okta

In this talk, you will discover how to design secure (and friendly) user experiences when developing your software applications. We will cover best practices in the industry that make an authentication experience easier for users to accept, what things to avoid, and how humans think about security, in general, to make your app a 10 out of 10.

Kelley Robinson, Twilio

Authentication is a sneaky problem - the most secure options don't usually have widespread adoption, especially among consumer applications. But what if we could fix that? Narrator: we can.

WebAuthn is a somewhat new authentication standard that uses our everyday devices like phones and computers and turns them into phishing-resistant security keys. It almost sounds too good to be true. This talk will dig into how the technology works, when you can and should use it, and how to get started. We'll dig into why this isn't widely adopted yet and if or when we can expect it to be. You'll walk away with a better understanding of a new authentication channel and possibly some hope for a more secure future.

Bharat Bhat, Okta
John Pritchard, Okta
Albert Chen, Okta
Jeff Taylor, Okta

In this demo-heavy session, we will introduce the New Developer Edition and explore how Okta has made it easier for all developers to secure apps, protect APIs, and plug into DevOps automation. Join us as we show you the next generation of Auth tooling.