The document discusses single sign-on (SSO) authentication strategies for allowing users to log into multiple applications and websites using a single set of login credentials. It compares the OAuth 2.0 and SAML SSO standards, and explores approaches for implementing SSO using JSON web tokens. Key tradeoffs discussed include pros like centralized authentication versus cons like added complexity, performance overhead, and logout challenges.

1. SSO
(Single Sign-On)
03

2. HERE COMES THE DEMO
03

3. www.docplanner.com
SSO FLOW (… OAUTH2 REALLY BUT NVM)
INSERT AUTH CHECK MAGIC HERE
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/

4. www.docplanner.com
SSO FLOW (… OAUTH2 REALLY BUT NVM)
INSERT AUTH CHECK MAGIC HERE
3rd party
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/

5. www.docplanner.com
INTRODUCE EXTRA LOGIN METHODS
DOMAIN APPS
SSO
LOGIN METHODS

6. www.docplanner.com
MUCH LOGINS, SUCH WOW

7. www.docplanner.com
MUCH LOGINS, SUCH WOW

8. www.docplanner.com
MUCH LOGINS, SUCH WOW

9. www.docplanner.com
MUCH LOGINS, SUCH WOW

10. www.docplanner.com
HOW TO CHECK AUTH IN BACKEND?
WHOIS?
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/

11. www.docplanner.com
CHALLENGE AGAINST AUTH SERVER
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/

12. www.docplanner.com
CHALLENGE AGAINST AUTH SERVER
facebook.com/me
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/

13. 03
… OR MAKE ACCESS TOKEN CARRY METADATA

14. 03
… OR MAKE ACCESS TOKEN CARRY METADATA

15. www.docplanner.com
JSON WEB TOKEN

16. www.docplanner.com
JSON WEB TOKEN

17. www.docplanner.com
JSON WEB TOKEN
Decoded

18. www.docplanner.com
JSON WEB TOKEN
EncodedDecoded

19. BUT HOW DO WE LOGOUT?
03

20. www.docplanner.com
CHALLENGE AGAINST AUTH SERVER
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/

21. www.docplanner.com
CHALLENGE AGAINST AUTH SERVER
REVOKE ACCESS TOKENS
UNAUTHORIZED SINCE THEN
https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/

22. www.docplanner.com
WHEN USING JWT
NO CHALLENGE AGAINST ANY PROVIDER
AUTHORIZED AS LONG AS JWT IS VALID :(

23. www.docplanner.com
SSO PROS & CONS
CONSPROS
SINGLE PLACE OF LOGGING IN
SEPARATED CODEBASE
CLIENT UNAWARE OF USER CREDENTIALS
MULTIPLA LOGIN METHODS
UNIFIED PROTOCOL CLIENT<=>SSO
SINGLE PLACE OF FAILURE
TOP NOTCH SECURITY IS A MUST HAVE
PERFORMANCE OVERHEAD
CAN GLOBALLY DEAUTHORIZE USER/CLIENT
LOGOUT PROBLEMS (JWT)
SECURITY ISSUES WHEN USING JWT

24. QUESTIONS?
03

25. github.com/prgTW
linkedin.com/in/prgTW
03
github.com/Ex3v
linkedin.com/in/maciej-szkamruk