Remember when setting up an auth system was easy? Me neither. From the signup form, the login form, password reset form, and all the validation in between it can easily take weeks if not months to get something basic up and running. Then you have to deal with all the security considerations. No thanks. During this presentation, the attendees will be introduced to OpenID and OAuth. They will learn how to leverage these technologies to create secure applications, but most importantly, they will learn why and how to delegate authorization and authentication so they can focus on their real work and forget about all that security stuff.
I Don't Care About Security (And Neither Should You) - Joel Lord
Remember that time where setting up a login page was easy? It seems like nowadays, it takes many weeks to start a project just to create a signup form, a login form and a forgot password screen. And that is if you don’t need 2 factor authentication or passwordless authentication. In a world of security breaches and privacy violations, it is important for developers to understand how modern identity works.
This talk will be in two parts.
For starters, the attendees will be introduced to modern security protocols like OpenID Connect and OAuth. The basics of token authentication will be explained using simple examples that are easy to understand. The concept of tokens will also be explained, more specifically how JWTs work.
In the second part of this presentation, the attendees will learn how to implement their own authentication server, how to secure their APIs and how to protect their Single Page Applications by making use of the protocols described in the first part.
Finally, the presenter will show the participants how to add Auth0 as an authentication server with minimal code changes and will demonstrate the simplicity of using a third party to handle login, signups, lost password as well as 2 factor authentication or passwordless logins.
The screencast of this presentation can be found at https://youtu.be/o3uy7dgG_n4
There is an assumption in the industry, amongst companies large and small alike, that if they store sensitive user data (and sometimes do some mild encryption) in their database, it's locked in and secured from potential attacks. People rely too heavily on their false assumptions of security, and it usually ends up costing them extensively when that is proven wrong.
In this session, Jonathan will build a foundation for identity and data security that everyone dealing with sensitive data should understand. We'll break down concepts of identity security, common attack vectors and how to protect yourself, and how to harden your web application.
The arena of proper auth & data security standards is often one of the most misunderstood, confusing, and tricky aspects of building Node apps. Using open source auth techniques and proper data encryption standards, we’ll learn how to make intelligent decisions on creating a solid infrastructure to protect our users and data. We’ll dive into auth systems, data attack vectors, how to protect your systems, and common security pitfalls in Node.
Web enabled systems are now an integral part of everything we interact with, from microelectronics to voice enabled hardware, from text messages and phone calls to email, and really we’re just limited by our imaginations as to what we can connect. As we explore vast new realms of communication over mixed digital media, we have to ask ourselves how we protect our critical data within potentially insecure environments. Going beyond that, how do we protect some of our more critical data, payment information, in this same realm?
As we look at a multitude of different environments, we’ll be exploring how to secure user identity and payment information through the communication channels, covering topics like:
* Securing identity and payment data through voice commands or text.
* Tokenization and encryption security.
* Techniques for triggering secure transactions from communications media.
At the end of the session, we’ll have a stronger understanding of proper techniques for working with new communication media sources, and see how we can apply fundamental security precepts in potentially insecure environments.
We are in an age where more people have phones than toilets, and there are more active cell phones than people on the planet. How do we protect all of these devices roaming around unsecured locations, especially when they want to pay for something? Learn the secrets behind building a secure mobile backbone, as we explore how to harden security, build systems based on identity confidence, and work towards a future proofed mobile framework.
XSS is much more than just <script>alert(1)</script>. Thousands of unique vectors can be built, along with more complex payloads, to evade filters and WAFs. In these slides, cool techniques to bypass them are described, from HTML to JavaScript. See also http://brutelogic.com.br/blog
As web enabled systems become an integral part of everything we interact with, how do we secure data in potentially insecure environments?
In this session you'll learn how to apply fundamental security precepts in potentially insecure environments. Topics include:
* Securing identity and payment data through voice commands or text
* Tokenization and encryption security
* Triggering secure transactions from communications media
Building Secure User Interfaces With JWTs (JSON Web Tokens) - Stormpath
With new tools like Angular.js and Node.js, it is easier than ever to build User Interfaces and Single-Page Applications (SPAs) backed by APIs.
But how to do it securely? Web browsers are woefully insecure, and hand-rolled APIs are risky.
In this presentation, Robert Damphousse, lead front-end developer at Stormpath, covers web browser security issues, technical best practices and how you can mitigate potential risks. Enjoy!
Topics Covered:
1. Security Concerns for Modern Web Apps
2. Cookies, The Right Way
3. Session ID Problems
4. Token Authentication to the rescue!
5. Angular Examples
One of the most time consuming tasks as a red teamer is diving into filesystems and shares, attempting to identify any potentially sensitive information. Generally, users store credentials and other sensitive information in local filesystems, and this talk has the purpose of explaining how to use the carnivorall as a means to speed up the task of searching important files using several vectors. I will present some proof of concepts, comparisons between tools and my recent success cases in red teaming engagements.
We use tokens to identify resources and try to ensure data security in insecure environments, however the management of these tokens can get quite complex. When we have distributed environments things are harder to deal with. Come to the magical world of JSON Web Tokens and make your life simpler!
A bug bounty tale: Chrome, stylesheets, cookies, and AES - cgvwzq
Some weeks ago I found an interesting bug in Chrome and spent the weekend trying to come up with a clever exploit. In the talk, I will explain the details of this exploit.
I Don't Care About Security (And Neither Should You) - Joel Lord
Remember that time where setting up a login page was easy? It seems like nowadays, it takes many weeks to start a project just to create a signup form, a login form and a forgot password screen. During this presentation, the attendees will be introduced to OpenID and OAuth. They will also learn how to leverage these technologies to create more secure applications. Most importantly, they will learn how to delegate authorization and authentication so they can focus on their real work and forget about all that security stuff.
I Don't Care About Security (And Neither Should You) - Joel Lord
Remember that time where setting up a login page was easy? It seems like nowadays, it takes many weeks to start a project just to create a signup form, a login form and a forgot password screen. And that is if you don’t need 2 factor authentication or passwordless authentication. During this presentation, the attendees will be introduced to OpenID and OAuth. They will also learn how to leverage this to create secure applications or, most importantly, how to delegate to a third party so they can focus on their real work.
Building a modern API architecture is a constant struggle between ease of development and security. JSON Web Tokens (JWTs) introduce a means of building authentication into JSON objects being transmitted through APIs.
In this session we’ll explore how JWTs work to build verifiable and trusted objects, allowing them to be combined with standards such as OAuth 2 for capturing access tokens, leading to a secure means of JavaScript SDK dev.
People using your web app also use many other online services. You'll often want to pull data from those other services into your app, or publish data from your app out to other services. In this talk, Randy will explain the terminology you need to know, share best practices and techniques for integrating, and walk through two real-world examples. You'll leave with code snippets to help you get started integrating.
Roll Your Own API Management Platform with nginx and Lua - Jon Moore
We recently replaced a proprietary API management solution with an in-house implementation built with nginx and Lua that let us get to a continuous delivery practice in a handful of months. Learn about our development process and the overall architecture that allowed us to write minimal amounts of code, enjoying native code performance while permitting interactive coding, and how we leveraged other open source tools like Vagrant, Ansible, and OpenStack to build an automation-rich delivery pipeline. We will also take an in-depth look at our capacity management approach that differs from the rate limiting concept prevalent in the API community.
Keynote that was being held at API Days 2014 in Paris. It covers the rapid growth of IoT and how developers can start applying their APIs in order to be ready for this new era of connected hardware.
Persona: in your browsers, killing your passwords - Francois Marier
Introduction to Persona, a new cross-browser login system for the web that's built entirely in Javascript. Powered by node.js on the backend, it pushes most of the crypto to the browser in order to create a secure and privacy-sensitive experience.
Accelerated Adoption: HTML5 and CSS3 for ASP.NET Developers - Todd Anglin
HTML5 and CSS3 have arrived. Are you ready to start adopting these technologies in your web projects? Jump start your understanding of the new rich standards and arm yourself with essential techniques for making the most of HTML5 and CSS3 today. In this half-day workshop, you will learn everything you need to know to effectively start leveraging HTML5 and CSS3 in ASP.NET applications. Learn how HTML5 and CSS3 are removing limits from web design. Discover tools and techniques for adopting HTML5 and CSS3 while still supporting older browsers. Leave with the essential knowledge needed to embrace HTML5 and CSS3 in your next ASP.NET project!
From Caesar Cipher To Quantum Cryptography - Joel Lord
Humans of all times have used codes and ciphers. Some of the greatest wars in history have been won thanks to good encryption, or lost due to great cryptographers. Even if we don’t think about it, encryption and cryptography are a big part of our lives, now that HTTPS is the de facto standard for the web. While most modern developers want to ensure that their data is secured, most of them don’t understand how the data is encrypted or how cryptography works. During this talk, the attendees will understand where ciphers come from by going through a journey in the history of cryptography. With examples from the Caesar cipher all the way to quantum cryptography, the speaker will explain in simple terms how cryptography evolved into what it is today and how it should be used to secure user data.
I Don't Care About Security (And Neither Should You) - Joel Lord
In this talk, the attendees will learn about OAuth, JWTs and OpenID Connect. Understanding how to use those flows will help developers make applications more secure and save significant development time. By using simple examples, the speaker tries to make this talk both informative and entertaining.
- OAuth
- What is OAuth
- The access code grant
- The implicit grant
- JWTs
- What is a token
- Anatomy of a JWT
- What is a refresh token
- Simple OAuth server code samples and demo
- Open ID Connect
- General flow
- OIDC demo
I Don't Care About Security (And Neither Should You) - Joel Lord
Presented at Twin Cities Code Camp 23
Remember when setting up a login page was easy? It seems like nowadays it can take weeks to start a project--creating a signup form, a login form, a password recovery screen, and all the validation in between. And you haven’t even started on security considerations yet. During this presentation, the attendees will be introduced to OpenID Connect and OAuth. They will also learn how to leverage these technologies to create more secure applications. Most importantly, they will learn how to delegate authorization and authentication so they can focus on their real work and forget about all that security stuff.
I Don't Care About Security (And Neither Should You) - Joel Lord
Remember when setting up a login page was easy? It seems like nowadays it can take weeks to start a project -- creating a signup form, a login form, a password recovery screen, and all the validation in between. And you haven't even started on security considerations yet. During this presentation, the attendees will be introduced to OpenID Connect and OAuth. They will also learn how to leverage these technologies to create more secure applications. Most importantly, they will learn how to delegate authorization and authentication so they can focus on their real work and forget about all that security stuff.
Every month, we hear about a new data breach and billions of user passwords are being shared as we speak. How can we stop this? There is a simple solution, let’s stop using passwords! From email links to biometrics, more and more technologies are available to help developers handle different types of credentials. During this presentation, the attendees will learn about some of the alternatives and how to implement them in the context of an OAuth flow.
I Don't Care About Security (And Neither Should You) - Joel Lord
Remember when setting up a login page was easy? It seems like nowadays it can take weeks to start a project--creating a signup form, a login form, a password recovery screen, and all the validation in between. And you haven’t even started on security considerations yet. During this presentation, the attendees will be introduced to OpenID Connect and OAuth. They will also learn how to leverage these technologies to create more secure applications. Most importantly, they will learn how to delegate authorization and authentication so they can focus on their real work and forget about all that security stuff.
Presented at South Florida Code Camp '19
Every month, a new security breach shows up in the media. And with every security breach, millions of usernames and passwords are shared. But how do we stop this carnage? There is a very simple solution: let's stop using passwords! From email links to biometric sensors, more and more technologies are available to help software developers handle different types of identification methods. During this presentation, participants will learn about alternatives to passwords and how to implement them in the context of an OAuth flow.
When starting to dabble with Javascript, the biggest challenge for most developers is understanding how to deal with asynchronous development. During this talk, we will cover some of the different ways to handle async programming like callbacks, promises, generators, async/await and events. As we cover those, we will also plunge into some of the mechanics of the NodeJs engine, namely the event loop. Developers attending this talk will have a better understanding of asynchronous programming and will have a few new tools to their belt to tackle those issues as they come.
From chatbots to your home thermostat, it seems like machine learning algorithms are everywhere nowadays. How about understanding how this works now? In this talk, you will learn about the basics of machine learning through various basic examples, without the need for a PhD or deep knowledge of assembly. At the end of this talk, you will know what the Naive Bayes classifiers, sentiment analysis and basic genetic algorithms are and how they work. You will also see how to create your own implementations in Javascript.
Every month, we hear about a new data breach and billions of user passwords are being shared as we speak. How can we stop this? There is a simple solution, let’s stop using passwords! From email links to biometrics, more and more technologies are available to help developers handle different types of credentials. During this presentation, the attendees will learn about some of the alternatives and how to implement them in the context of an OAuth flow.
Chances are sooner or later your shiny new single page application will need authentication. Add some security and resource access control to that list as well. But how can we integrate all of this into a single page application that is entirely public? How can we ensure that our users only have access to the resources they are authorized to by hacking their way in via the console? In this talk, the attendees will learn about JSON Web Tokens (JWT) and see how they can be used to properly secure single page applications.
Every month, we hear about a new data breach and billions of user passwords are being shared as we speak. How can we stop this? There is a simple solution, let’s stop using passwords! From email links to biometrics, more and more technologies are available to help developers handle different types of credentials. During this presentation, the attendees will learn about some of the alternatives and how to implement them in the context of an OAuth flow.
This is a talk given at CharmCityJS on May 2nd 2018.
Chances are sooner or later your shiny new single page application will need authentication. Add some security and resource access control to that list as well. But how can we integrate all of this into a single page application that is entirely public? How can we ensure that our users only have access to the resources they are authorized to by hacking their way in via the console? In this talk, the attendees will learn about JSON Web Tokens (JWT) and see how they can be used to properly secure single page applications.
When starting to dabble with Javascript, the biggest challenge for most developers is understanding how to deal with asynchronous development. During this talk, we will cover some of the different ways to handle async programming like callbacks, promises, reactive streams and events. As we cover those, we will also plunge into some of the mechanics of the NodeJs engine, namely the event loop. Developers attending this talk will have a better understanding of asynchronous programming and will have a few new tools to their belt to tackle those issues as they come.
A quick demo that shows the attendees how to secure an SPA (could be React, Angular or VueJs) using Auth0. Can be adapted based on the time available for the presentation.
Slides from my talk at PHP Benelux 2018. Abstract:
From chatbots to your home thermostat, it seems like machine learning algorithms are everywhere nowadays. How about understanding how this works now? In this talk, you will learn about the basics of machine learning through various basic examples, without the need for a PhD or deep knowledge of assembly. At the end of this talk, you will know what the Naive Bayes classifiers, sentiment analysis and basic genetic algorithms are and how they work. You will also see how to create your own implementations in Javascript.
International Javascript Conference - Munich - October 25th 2017
From chatbots to your home thermostat, it seems like machine learning algorithms are everywhere nowadays. How about understanding how this works now? In this talk, you will learn about the basics of machine learning through various basic examples, without the need for a PhD or deep knowledge of assembly. At the end of this talk, you will know what the Naive Bayes classifiers, sentiment analysis and basic genetic algorithms are and how they work. You will also see how to create your own implementations in JavaScript.
So you’ve finally managed to build a full stack application, all in Javascript. But what if your hardware programming could be done with Javascript too? In this introduction to Nodebots, you will learn how to use NodeJs to build a robot using an Arduino board. Well, maybe not a full robot but at least a blinking LED. You will learn how to add basic sensors and other general electronic components and you will learn how you can do it by yourself, at home, on a minimal budget. Come to this talk and you too will be able to contribute to the Robocalypse.
Did you know that your web sites can now talk to actual bluetooth devices around it? With new initiatives like the Physical Web and new APIs like Web Bluetooth, it’s now easier than ever to interact with hardware using nothing but Web technologies. In this talk, you will learn how to broadcast URLs to nearby devices and how to control hardware via bluetooth. All of this using plain old vanilla Javascript.
Presented at the Dutch PHP Conference on June 30th 2017
From chatbots to your home thermostat, it seems like machine learning algorithms are everywhere nowadays. How about understanding how this works now? In this talk, you will learn about the basics of machine learning through various basic examples, without the need for a PhD or deep knowledge of assembly. At the end of this talk, you will know what the Naive Bayes classifiers, sentiment analysis and basic genetic algorithms are and how they work. You will also see how to create your own implementations in PHP.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx - Brad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Understanding User Behavior with Google Analytics.pdf - SEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
29. What’s wrong with traditional auth?
- Multiple platforms connecting to your application
- Tightly coupled
- Sharing credentials to connect to another API
- Users have a gazillion passwords to remember, which increases security risks
61. @joel__lord
#midwestjs
Auth Server
    // Requires ...
    var users = [...];
    app.use(bodyParser.urlencoded());
    app.post("/login", function(req, res) {
      // POST for login
    });
    app.get('*', function (req, res) {
      res.sendStatus(404);
    });
63. Auth Server
    app.post("/login", function(req, res) {
      // POST for login: both fields are required
      if (!req.body.username || !req.body.password)
        return res.status(400).send("Need username and password");
      // Demo lookup: passwords are stored and compared in plaintext
      var user = users.find(function(u) {
        return u.username === req.body.username && u.password === req.body.password;
      });
      if (!user) return res.status(401).send("User not found");
      // Sign a 10-minute access token (HS256 with a secret hardcoded for the demo)
      var token = jwt.sign({
        sub: user.id,
        scope: "api:read",
        username: user.username
      }, "mysupersecret", {expiresIn: "10 minutes"});
      // Return the token in the URL fragment of the caller-supplied callback
      res.redirect(req.body.callback + "#access_token=" + token);
    });
67. Auth Server
    // Requires ...
    var users = [...];
    app.use(bodyParser.urlencoded());
    app.post("/login", function(req, res) {
      // POST for login
    });
    app.get('*', function (req, res) {
      res.sendStatus(404);
    });
    app.listen(8080, () => console.log("Auth server running on 8080"));
68. API
    var express = require('express');
    var bodyParser = require('body-parser');
    var randopeep = require("randopeep");
    var expressjwt = require("express-jwt");
    var app = express();
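The login handler on slide 63 redirects to whatever callback the request names and signs with a literal secret, and the API on slide 68 loads express-jwt to check the resulting token. As an added example (not the presenter's code), the same flow using only Node's crypto module: the callback must match a registered list exactly, the key is passed in, and the API-side check pins HS256 and enforces exp and scope. REGISTERED_CALLBACKS, signToken, loginRedirect and verifyToken are hypothetical names and the URL is a constructed value.

```javascript
const crypto = require("crypto");

// Assumption: each client registers its callback ahead of time (constructed value).
const REGISTERED_CALLBACKS = ["https://app.example.test/callback"];

const b64url = (data) => Buffer.from(data).toString("base64url");

// HMAC-SHA256 over "header.payload", the HS256 signature a JWT carries.
function hmac(data, secret) {
  return crypto.createHmac("sha256", secret).update(data).digest();
}

// Mint a compact HS256 token with iat/exp; `now` is in milliseconds.
function signToken(claims, secret, ttlSeconds, now) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`, secret))}`;
}

// Auth server: returns the redirect target, or null for an unregistered callback.
function loginRedirect(user, callback, secret, now) {
  if (!REGISTERED_CALLBACKS.includes(callback)) return null; // exact match only
  const claims = { sub: user.id, scope: "api:read", username: user.username };
  return callback + "#access_token=" + signToken(claims, secret, 600, now);
}

// API: returns the claims, or throws when the token must be rejected.
function verifyToken(token, secret, requiredScope, now) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [header, payload, sig] = parts;
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  // Parse only after the signature checks out, and accept HS256 only.
  if (JSON.parse(Buffer.from(header, "base64url")).alg !== "HS256")
    throw new Error("unexpected alg");
  const claims = JSON.parse(Buffer.from(payload, "base64url"));
  if (typeof claims.exp !== "number" || claims.exp <= now / 1000)
    throw new Error("expired");
  if (!String(claims.scope).split(" ").includes(requiredScope))
    throw new Error("insufficient scope");
  return claims;
}
```

In a deployment the secret would come from configuration or a secrets manager rather than from source code.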
90. @joel__lord
#CoderCruise
OpenID Connect
- Built on top of OAuth 2.0
- OpenID Connect (OIDC) is to OpenID what JavaScript is to Java
- Provides Identity Tokens in JWT format
- Uses a /userinfo endpoint to provide the info