Do you want to build a cool iOS/Android app to share your photos on Twitter, Facebook or Google+? If so, you will need to authenticate through OAuth2. Instead of using their own authentication schemes, most providers choose to implement OAuth2. It gives users a secure way to talk to their services, but more importantly, allows users to safely authorise access to their data from third-party services without giving them their credentials.
If you think security is a hard topic to tackle, join us! We'll make the OAuth2 framework, the OpenID Connect protocol, JWT (JSON Web Token), and even encryption (with Alice and Bob) easy to understand. With some drawings and chatting, tokens are fun and OAuth2 will hold no secrets for you!
We'll see the challenges to overcome from a native app perspective: embedded web view vs external browser, URL schemes for callbacks, local storage for tokens, refreshing access tokens transparently... And what about hybrid apps? Could we bring the power of native apps to hybrid apps through Cordova plugins? Unbearable suspense.
Do you want to build a cool iOS app to share your photos on Twitter, Facebook or Google+? If so, you will need to authenticate through OAuth2. Instead of using their own authentication schemes, most providers choose to implement OAuth2. It gives users a secure way to talk to their services, but more importantly, allows users to safely authorise access to their data from third-party services without giving them their credentials.
If you think security is a hard topic to tackle, join us! We'll make the OAuth2 framework, the OpenID Connect protocol, JWT (JSON Web Token), and even encryption (with Alice and Bob) easy to understand. With some drawings and chatting, tokens are fun and OAuth2 will hold no secrets for you!
We'll see the challenges to overcome from a native app perspective: embedded web view vs external browser, URL schemes for callbacks, local storage for tokens, refreshing access tokens transparently... We will look at what's available in open source libraries to help you achieve authentication and authorization without pain.
Finally, a simple and non-intrusive way to secure your REST APIs and your mobile clients!
With OAuth2, the open protocol widely adopted by social media providers, you can manage authentication and authorization for your clients' secured services without having to provide login credentials.
If you find OAuth2 a hard subject to grasp, this session is for you! We will talk about the OAuth2 framework, the OpenID Connect protocol, JWT (JSON Web Token) tokens, and even encryption (with Alice and Bob, of course!). With a few drawings and a dynamic duo, we could talk about tokens for hours, and OAuth2 will hold no more secrets for you!
We will cover the challenges specific to native applications: iOS, Android and Windows Phone, not forgetting hybrid applications thanks to Cordova plugins. Moving to the server side, we will show you how to secure your REST endpoints using Keycloak (an open source authentication server).