OAuth 2 0 and OpenID Connect for Single Page Applications Philippe De Ryck

preview_player
Показать описание
-

Managed by the OWASP® Foundation
  1. OWASP Foundation
  2. owasp
  3. appsec
Рекомендации по теме
An Illustrated Guide 0:16:36

An Illustrated Guide to OAuth and OpenID Connect

OAuth 2.0 and 1:02:17

OAuth 2.0 and OpenID Connect (in plain English)

OAuth 2.0 & 0:16:19

OAuth 2.0 & OpenID Connect (OIDC): Technical Overview

Introduction to OAuth 2:43:46

Introduction to OAuth 2.0 and OpenID Connect By Philippe De Ryck

OAuth 2.0 explained 0:10:03

OAuth 2.0 explained with examples

OAuth 2 0 0:36:53

OAuth 2 0 and OpenID Connect for Single Page Applications Philippe De Ryck

Что такое OAuth 0:14:27

Что такое OAuth 2.0 и OpenID Connect за 15 минут

What is OAuth 0:08:39

What is OAuth 2.0 and OpenID Connect?

OpenID Connect vs 0:08:50

OpenID Connect vs OAuth | OpenID Connect explained

Introduction to OAuth 0:47:18

Introduction to OAuth 2.0 and OpenID Connect • Philippe De Ryck • GOTO 2018

How To Secure 0:30:33

How To Secure Applications Using OpenID Connect and OAuth 2.0

ID Tokens VS 0:08:38

ID Tokens VS Access Tokens: What's the Difference?

OAuth 2.0 Explained 0:09:52

OAuth 2.0 Explained - Authentication Example using OpenID, JWT and Opaque Tokens

Learn OAuth2.0 & 0:17:12

Learn OAuth2.0 & OpenID Connect in Under 20 minutes

OAuth 2.0: An 0:06:34

OAuth 2.0: An Overview

Как работает OAuth 0:05:07

Как работает OAuth 2 - введение (просто и понятно)

OAuth and OpenID 0:10:18

OAuth and OpenID Connect - Know the Difference

Oauth2.0 and OpenID 0:17:32

Oauth2.0 and OpenID Connect with F5 APM - Part 1

Everything You Ever 0:33:21

Everything You Ever Wanted to Know About OAuth and OIDC

SAML Vs OAuth 0:07:40

SAML Vs OAuth Vs Openid Differences and Application

SAML vs. OpenID 0:02:49

SAML vs. OpenID (OIDC): What's the Difference?

SSO: SAML vs 0:06:24

SSO: SAML vs OAUTH vs OIDC

oAuth for Beginners 0:10:43

oAuth for Beginners - How oauth authentication🔒 works ?

Profiling OAuth 2 0:20:35

Profiling OAuth 2 0 and OpenID Connect for Enterprise Use - OSW 2020

Комментарии
Автор

I absolutely loved this presentation! It made so many things so much clearer.

My friend and I are working on a SPA + REST API project, and we thought it was a good idea to add login with Google to it. I was aware of the OAuth2.0 and OpenID Connect specifications, and thought it was going to be easy, until I found myself in a situation I didn't even know had an official term to it - Backend For Frontend.

Every tutorial on the internet shows how to add Google login to either a traditional application, where the backend returns plain HTML to the browser, or purely on a SPA frontend, like the theme of this talk.

So I came here thinking the presentation would talk about my problem, whereas in reality, it talks about a purely frontend based application. Just to find out at the end, that what I'm trying to implement is indeed a backend for frontend.

TheMediinaa
Автор

Thanks for such a lean explanation, I loved every moment of it, and I hope that you know that you made things a lot clearer for me

heshamamer
Автор

What a great session!!
Thanks a lot Philippe!

galilioXX
Автор

wow ! such an amazing and simplified explanation .

kpavankumar
Автор

Thanks a lot for such a great explanation. It was extremly helpful for me! You described all my questions about authorization in SPA with microservices

vvetrovv
Автор

Fantastic explanation. Massive thanks!

Sanjay-pusp
Автор

Thanks for sharing! 

However do you have a tutorial which implements Backend For Frontend (BFF) framework with Authorization code with PKCE in addition to this tutorial? It is unsafe to store access token on browser.

shanescad
Автор

Any tips on videos on how to implement the BFF pattern? Preferably using Spring Boot.

nhlm
Автор

How would the bff handle multiple calls for tolken refresh?
Senario is, frontend sends 3-4 requests to get data.

skapator
Автор

Thanks for the great explanation. I just want to ask you one thing that how an Identity provider makes a POST request to frontend application in Step no 9 (authorization response), especially in SPA application? And if it is making post request to my server then how I will return to user browser? Please help me, I am trying to implement apple id SSO with openId connect.

sumitjoshi_
Автор

Goeimorgen Philippe, Do you still suggest using a BFF (Backend For Frontend) or Token Handler when the Authorization Code Flow with PKCE is employed for SPAs (Single Page Applications)?

bruxelleskarim
Автор

Great explanation, Thanks! I don't understand why using BFF is safer. An attacker could still steal the browser's cookies and compromise the system. That is, it indirectly continues to use the tokens.

gustabart
Автор

I don't agree with the conclusion of this talk. The whole point of BFF and http-only auth cookies is to prevent an attacker that has gained acces to execute js code through an xss attack, to steal the auth-token from your storage and thereby execute requests on your behalf. If an attacker has managed to sucessfully gain access, he can execute api calls directly from the clients browser with or without bff.

tombalabomba