This document discusses authentication options for APIs built with Symfony and API Platform, including PHP sessions, JSON Web Tokens (JWT), and OAuth2/OpenID Connect (OIDC). It provides pros and cons of each approach as well as configuration details. The key points are that API Platform does not handle authentication directly, instead relying on Symfony, and that PHP sessions, JWT, and OAuth2/OIDC are all valid solutions depending on needs, with OAuth2/OIDC recommended when third party clients need access to the API.
Secure and practical authentication in API Platform
2. Robin Chalas
Software Architect, Developer & Maintainer
Symfony Core Team / LexikJWTAuthenticationBundle Project Lead / Principal Engineer @Les-Tilleuls.coop
twitter.com/chalas_r
github.com/chalasr
14. JWT
Pros
● Standard Token format (RFC 7519)
● Server does not need to keep track of sessions
● Can be used in contexts where cookies are disabled
● Scales easily (any server possessing the public key can verify tokens)
● Fun to use
Cons
● Complex (key management, refresh tokens...)
16. JWT: Symmetric or Asymmetric
Only use asymmetric signatures (RSA/ECDSA) when multiple applications need to verify the tokens.
Otherwise, use symmetric signatures (shared secret - HMAC).
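The trade-off on slide 16, as an added example that is not taken from the slides or from LexikJWTAuthenticationBundle: with HMAC every verifier holds the signing secret and can therefore also issue tokens, while with RSA a verifier needs only the public key. The helper names (`b64url`, `jwt_sign`, `jwt_verify`) and the sample claims are made up for illustration; only PHP built-ins (`hash_hmac`, `openssl_*`) are used.

```php
<?php
// Added example, not from the slides: HS256 vs RS256 with PHP built-ins only.
declare(strict_types=1);

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($bin === false) {
        throw new InvalidArgumentException('invalid base64url');
    }
    return $bin;
}

function jwt_sign(array $claims, string $alg, string $key): string
{
    $input = b64url(json_encode(['typ' => 'JWT', 'alg' => $alg]))
        . '.' . b64url(json_encode($claims));
    if ($alg === 'HS256') {
        $sig = hash_hmac('sha256', $input, $key, true);
    } elseif ($alg === 'RS256') {
        if (!openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256)) {
            throw new RuntimeException('RSA signing failed');
        }
    } else {
        throw new InvalidArgumentException("unsupported alg $alg");
    }
    return $input . '.' . b64url($sig);
}

// $expectedAlg comes from the verifier's own configuration, never from the token.
function jwt_verify(string $jwt, string $expectedAlg, string $key): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    try {
        $header = json_decode(b64url_decode($h), true);
        $claims = json_decode(b64url_decode($p), true);
        $sig = b64url_decode($s);
    } catch (InvalidArgumentException $e) {
        return null;
    }
    if (!is_array($header) || ($header['alg'] ?? null) !== $expectedAlg) {
        return null; // header algorithm differs from the pinned one
    }
    $input = $h . '.' . $p;
    if ($expectedAlg === 'HS256') {
        $ok = hash_equals(hash_hmac('sha256', $input, $key, true), $sig);
    } elseif ($expectedAlg === 'RS256') {
        $ok = openssl_verify($input, $sig, $key, OPENSSL_ALGO_SHA256) === 1;
    } else {
        $ok = false;
    }
    $fresh = is_array($claims) && is_int($claims['exp'] ?? null) && $claims['exp'] > time();
    return ($ok && $fresh) ? $claims : null;
}

$claims = ['sub' => 'alice', 'exp' => time() + 300]; // constructed sample claims
$show = fn (string $label, ?array $r) => printf("%-42s %s\n", $label, $r ? 'accepted' : 'rejected');

// Symmetric: one shared secret both signs and verifies.
$secret = random_bytes(32);
$hsToken = jwt_sign($claims, 'HS256', $secret);
$show('HS256 token, verifier holds secret:', jwt_verify($hsToken, 'HS256', $secret));
// A service that holds the secret only to verify can issue tokens with it too.
$minted = jwt_sign(['sub' => 'service-b', 'exp' => time() + 300], 'HS256', $secret);
$show('HS256 token issued by a verifier:', jwt_verify($minted, 'HS256', $secret));

// Asymmetric: the issuer keeps the private key, verifiers get the public key.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];
$rsToken = jwt_sign($claims, 'RS256', $privatePem);
$show('RS256 token, verifier holds public key:', jwt_verify($rsToken, 'RS256', $publicPem));
// A verifier pinned to RS256 refuses a token that declares another algorithm.
$show('HS256 token at an RS256-pinned verifier:', jwt_verify($hsToken, 'RS256', $publicPem));
```

Run it with the PHP CLI and the `openssl` extension enabled; only the last check is rejected, because the verifier's expected algorithm is fixed in its configuration rather than read from the token header.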
28. Conclusion
Both Sessions and JWTs are valid solutions for API authentication.
Just use the one that you feel comfortable with.
And, as soon as you have third party clients, use OAuth2 with OIDC.