Strengthen Mobile Logins with the Hypermedia Authentication API

•

0 likes•12 views

Travis Spencer's presentation at API Days London 2023. More on the Hypermedia Authentication API: https://curity.io/product/authentication-service/authentication-api/

Technology

Strengthen Mobile Logins with the
Hypermedia Authentication API
By Travis Spencer
CEO

Challenges
• Login is a complex process
• Technology is constantly changing
• Common approaches introduce friction
• Mobile execution environment is often compromised
• Non-experts are inventing unsafe APIs shoehorned into OAuth

HAAPI is a Better Solution
• User authentication without a browser
• Use any authentication mechanism
• User journey orchestrations can be executed
• Localized & branded
• Keep using existing OAuth clients

API
Token Management
App to Server (back-channel)

API
Token Management
App to Server (back-channel)
User Authentication
Browser to Server (front-channel)

API
Token Management
App to Server (back-channel)
User Authentication
Browser to Server (front-channel)
Authenticators
Actions
Authentication

API
Token Management
App to Server (back-channel)
User Authentication
Browser to Server (front-channel)
Server-side HTML rendering
with page post-backs Authenticators
Actions
Authentication

API
Token Management
App to Server (back-channel)
User Authentication
Browser to Server (front-channel)
API Authenticators
Actions
Authentication

API
Token Management
App to Server (back-channel)
User Authentication
API Authenticators
Actions
Remove the need for the browser

Initial request
Authentication Step – Available Actions and Links
Hypermedia
Authenticators
Actions
Hypermedia-based API

Initial request
Authentication Step – Available Actions and Links
User provided information
Hypermedia
Authenticators
Actions
Hypermedia-based API

Initial request
Authentication Step – Available Actions and Links
User provided information
Authentication Result
Hypermedia
Authenticators
Actions
Hypermedia-based API

• All HAAPI calls subject to access control
• API available only for explicitly authorized clients
• Using proof-of-possession access tokens
• Additional security measures (e.g., clock skew protection)
• Client application attestation
Security

OAuth
Client
Attestation
System
3. Request
Attestation,
provide challenge
2. Challenge for Client
1. Obtain challenge for Client
4. Attestation
5. Attestation as
challenge response
6. Client Attestation
Token (CAT)
Obtaining Client Attestation

Summary
• Mobile login is hard for various reasons
• HAAPI provides a better solution than alternatives
• Works with OAuth and OpenID Connect to avoid browser-
based login
• Security is enhanced by client attestation

Thank You!
curity.io
developer.curity.io
@curityio
info@curity.io

Similar to Strengthen Mobile Logins with the Hypermedia Authentication API

Developers no longer start from an empty file. More and more existing API’s and services are used to rapidly develop new applications. During this session we will demonstrate how API Management solutions can help developers to find/reuse/create APIs and services to speed up application development. We will focus both on the API/service consumers and producers. Real world use cases will be used to demonstrate the key capabilities of good API Management solutions.

$Openbar Leuven \\ Using API Management to improve developers productivity \\ ...$ $Openbar Leuven \\ Using API Management to improve developers productivity \\ ...$

Openbar Leuven \\ Using API Management to improve developers productivity \\ ...

Openbar

A food producer desired to take advantage of the Wonderware System Platform, which, when properly implemented, delivers a robust solution with scalability and makes available many compatible goods. Many organizations have partnered with Asteam techno solutions Pvt ltd, which comprises trained professionals with more than ten years of expertise and full Wonderware certification. A food producer desired to take advantage of the Wonderware System Platform, which, when properly implemented, delivers a robust solution with scalability and makes available many compatible goods. Many organizations have partnered with Asteam techno solutions Pvt ltd, which comprises trained professionals with more than ten years of expertise and full Wonderware certification.

AVEVA InTouch HMI to System Platform Migration

Asteam Techno

SWE Interactive - Overview

Craig Le

Asynchronous API Testing: Trends, Tools & More | Calidad Infotech

Calidad Infotech

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs Businesses today are rapidly moving from being service enabled to being API enabled. Moving into the world of APIs brings together its own set of complexities and challenges that are tough to tackle. API security, performance, scalability, monitoring and notifications are key areas to be focusing your engineering efforts on. The WSO2 Carbon platform is a complete open source enterprise middleware platform which includes products catering to your various different enterprise needs. This talk will focus on leveraging the extensive feature set and extensible nature of the WSO2 platform to secure, monitor and monetize your APIs. It will also touch upon some of WSO2’s experiences with customers in building API ecosystems that suit modern day enterprises. Presenter: Nuwan Dias Technical Lead, WSO2

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs

WSO2

Overview of azure microservices and the impact on integration

BizTalk360

Can virtualization transform your API lifecycle?

TEST Huddle

Api virtualization

shadidc

Accessibility testing technology, human touch and value

Srinivasu Chakravarthula

The Magic Behind Faster API Development, Testing and Delivery with API Virtua...

SmartBear

API Economy - Cuomo

Prolifics

Emerging Technologies: Heroku for ISVs (October 13, 2014)

Salesforce Partners

** Full webinar recording: ** It is no secret that many teams struggle with automated functional UI testing - some to the point where it is completely abandoned - even though the UI is the most significant interface of the system. In this session, Adam Carmi -- Applitools CTO and Co-founder -- reviewed the main weaknesses of traditional approaches to UI testing, and how they negatively affect test stability, maintainability, coverage, execution speed, and overall ROI. He also discussed how these weaknesses become even more severe when running tests across multiple devices and browsers. Adam demonstrated how Visual AI -- the innovative technology powering Applitools' testing engine -- can be applied on your existing pipeline to efficiently implement functional UI tests with a fraction of the effort while drastically increasing test coverage and reducing test execution time. Adam also showed a live coding session, where he converted a traditional UI test into a Visual AI-based test in minutes, and executed it across dozens of devices and browsers in seconds using the Applitools Ultrafast Grid.

[webinar] Cutting-edge Functional UI Testing Techniques - w/ Adam Carmi

Applitools

Africa's Talking API Workshop

sgikandi

Perth MeetUp June 2023

Michael Price

Platform for Secure Digital Business

Akana

Open Banking & Open Insurance

Amazon Web Services

Enhancing your Security APIs

Apigee | Google Cloud

Today’s applications are becoming more complex. From multi-layers applications, to micro-services to containers, QA & automation engineers are required to test more with less and without compromising the quality of the app. Join me and Yossi Neeman as we explain the pros & cons of testing at each of the different layers of the application and also share some best practices around Agile Testing. Everything will be demonstrated on a demo application built with the latest technology stack including NodeJS, REST APIs and MongoDB and tested using UFT 12.52.

Testing NodeJS, REST APIs and MongoDB with UFT

Ori Bendet

CIS14: PingAccess 101

CloudIDSummit

Similar to Strengthen Mobile Logins with the Hypermedia Authentication API (20)

$Openbar Leuven \\ Using API Management to improve developers productivity \\ ...$ $Openbar Leuven \\ Using API Management to improve developers productivity \\ ...$

Openbar Leuven \\ Using API Management to improve developers productivity \\ ...

AVEVA InTouch HMI to System Platform Migration

SWE Interactive - Overview

Asynchronous API Testing: Trends, Tools & More | Calidad Infotech

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs

Overview of azure microservices and the impact on integration

Can virtualization transform your API lifecycle?

Api virtualization

Accessibility testing technology, human touch and value

The Magic Behind Faster API Development, Testing and Delivery with API Virtua...

API Economy - Cuomo

Emerging Technologies: Heroku for ISVs (October 13, 2014)

[webinar] Cutting-edge Functional UI Testing Techniques - w/ Adam Carmi

Africa's Talking API Workshop

Perth MeetUp June 2023

Platform for Secure Digital Business

Open Banking & Open Insurance

Enhancing your Security APIs

Testing NodeJS, REST APIs and MongoDB with UFT

CIS14: PingAccess 101

Recently uploaded

In this session, we will showcase how to revolutionize automated testing for your software, automation, and QA teams with UiPath Test Suite. In part 1 of UiPath test automation using UiPath Test Suite – developer series, we will cover, Software testing overview What is software testing Why software testing is required Typical test types and levels Continuous testing and challenges Introduction to UiPath Test Suite UiPath Test Suite family of products Speaker: Atul Trikha, Chief Technologist & Solutions Architect, Peraton and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 1

DianaGray10

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

CzechDreamin

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

CzechDreamin

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

The standard Salesforce Approval process can be limiting in many ways, especially in complex scenarios. What if there was a way to implement very flexible approvals where one can use Apex code to make data updates in unrelated records, dynamically generate next steps details, and compute assignees on the fly? And still use UI-based configurations to implement concrete approval processes. In this session, we will share ideas behind such a solution and show a few lines of code to get you started.

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

CzechDreamin

Ever caught yourself nodding along when someone mentions "delivering value" in Agile, but secretly wondering what the heck they actually mean? You're not alone! Join us for an eye-opening session where we'll strip away the buzzwords and dive into the heart of Agile—value delivery. But what is "value"? Is it a mythical unicorn in the world of software development, or is there more to this overused term? This isn't going to be a sit-and-get lecture. We're talking about a face-to-face, interactive meetup where YOU play a crucial role. Come along to: Define It: What does "value" really mean? We’ll build a definition that’s not just words, but a compass for your Agile journey. Contextualise It: Discover what value means specifically to you, your team, your company, and your industry. Because one size does not fit all. Deliver It: Share strategies and gather new ones for uncovering and delivering true value—no more shooting in the dark!

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

David Michel

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

Join us as we dive into the latest updates to the UiPath Orchestrator API, including new limits and features for 2024. Discover how these changes can enhance your automation projects and streamline your workflows. 📚 Overview of UiPath Orchestrator API 🔧 Recent changes to API limits 🛠️ How to adapt to new limits 📋 Best practices for using the Orchestrator API efficiently ❓ Q&A session

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀

DianaGray10

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Recently uploaded (20)