Web authentication and authorization have come a long way in the last ten years. In this talk we'll look at where we've come from and how OAuth and OIDC solved the problems we faced.
30. What is an access token anyway?
Sent by a client in calls to a service.
Demonstrates a user has consented access to resources.
Two varieties:
- Reference tokens
- Self-encoded tokens
47. OpenID Connect Default Scopes
- openid: indicates an OpenID Connect request
- profile: access to the user’s profile
- email: access to the user’s email address
- address: access to the user’s physical address
- phone: access to the user’s telephone number
- offline_access: request a refresh token for continued access
53. Access Token vs ID Token
- Access token (OAuth specification): audience is the resource server; describes the access granted by the user.
- ID token (OpenID Connect specification): audience is the client; describes the authentication of the user.
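As an added example (not from the talk), a resource-server check on a self-encoded access token that enforces the audience rule from this slide: a token whose audience is the client (an ID token) is rejected before any scope is considered. The HS256 signing, shared key, issuer and audience strings, and the `photos.read` scope are all constructed for the demo.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-shared-secret"        # assumption: HS256 key shared by issuer and API
API_AUD = "https://api.example/photos"    # constructed resource-server identifier
NOW = 1_700_000_000                        # fixed clock so the demo is deterministic

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Mint a self-encoded token (compact JWS, HS256); stands in for the issuer."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_access_token(token: str, key: bytes, my_aud: str, scope: str, now: float) -> dict:
    """Resource-server check: signature, expiry, audience, then granted scope."""
    h, p, s = token.split(".")                     # ValueError if not three segments
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")         # pin the algorithm; never trust the header
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    aud = claims.get("aud")
    if my_aud not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError(f"audience {aud!r} is not this resource server")  # ID tokens fail here
    if scope not in claims.get("scope", "").split():
        raise ValueError(f"scope {scope!r} not granted")
    return claims

def demo() -> tuple:
    base = {"iss": "https://issuer.example", "sub": "alice", "exp": NOW + 600}
    access = sign_hs256({**base, "aud": API_AUD, "scope": "openid profile photos.read"}, KEY)
    id_token = sign_hs256({**base, "aud": "client-123"}, KEY)   # audience is the client
    ok = verify_access_token(access, KEY, API_AUD, "photos.read", NOW)
    try:
        verify_access_token(id_token, KEY, API_AUD, "photos.read", NOW)
        rejected = None
    except ValueError as e:
        rejected = str(e)
    return ok["sub"], rejected

if __name__ == "__main__":
    print(demo())
```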
54. Simple Login – OpenID Connect
Single Sign-on – OpenID Connect
Mobile App Login – OpenID Connect
Delegated Access – OAuth 2.0
Digital Identity
Today