A token walks in to a SPA
Single Page Apps are slick and fast. By moving much of the business logic to the browser, they gain advantages both for the application, as well as the load on hosting infrastructure.
But if they're running in the browser, how do we secure them? The code is there for all to see. Cookies and local storage aren't 100% safe. And what if the user refreshes?!
JSON Web Tokens provide a way to make sure that user credentials are kept safe, while still allowing browser-based apps to communicate with APIs.
This talk will take you from knowing what JWTs are to understanding how to use them, and where to get started. We'll look at the request lifecycle of the authentication process, and cover best practices for JWT storage and handling.
Outline/Structure of the Talk
Describe traditional web apps, and how single page apps differ
Describe how single page apps work with APIs to get the resources they need for operation
Look at the security issues with restricting access to APIs from single page apps
Introduce JSON Web Tokens, and describe their format, purpose, and utility
Describe the communication flow of a JSON Web Token in a single page application environment
Highlight the data storage precautions with working with JSON Web Tokens in single page applications
Describe solutions to the non-persistent nature of data in a single page application
Learning Outcome
You will understand the complexities in dealing with cookies, tokens, auth, and resource access, and learn how to create truly secure single page apps.
Target Audience
Software Developers
Links
My full speaking schedule is available at https://bendechrai.com/schedule
schedule Submitted 3 years ago
Recent Activities
Call for Proposals CLOSED
Ended on Jun 2 '19 11:59 PM AEST
LAST is Australia's cross-functional conference. Rather than retreat to our trade and talk among our peers-in practice we want LAST to be a place where people can learn about the holistic process of product and service development, or growing organisations and our own skills and careers.
This conference is also about learning and sharing from our colleagues. Over the years we have come to value the following things;
- Interactive sessions over presentations
- Specific tools and techniques over general frameworks
- Learning from mistakes and failures over sharing sanitised success stories
- Diversity of content over following industry best practices
- Evidence based approaches over novel ideas
That is, while there is value in the items on the right, we value the items on the left more.
Craig Brown
Raymond Dellar
Ben Van Wees
narelle
