If you want to learn about token-based stateless authentication in REST services, this session is for you. You will learn why stateless authentication simplifies your development, and we will introduce you to JSON Web Tokens (JWT). We will pay attention to best practices for handling JWT and to the security details and possible tradeoffs you may take into consideration before you start coding.
These days almost all projects use some form of REST architecture to expose resources to their clients (browser, mobile, ...).
One of the most important points is to secure your endpoints: authenticate users and identify them inside the system.
When we think of REST security we might think about protocols such as OAuth, ClientID or SAML.
But the question is: do we need these protocols in all cases, or could we get away with a simpler method that can still be considered secure and attack-proof?
Come to this session to learn how the JSON Web Token (JWT) standard can simplify your authentication model while maintaining high security, and the advantages of using JWT from a developer's point of view.
This session is an introduction to JWT. No "master of the security universe" prerequisite is required to benefit from this session.