A token walks in to a SPA

Single Page Apps are slick and fast. By moving much of the business logic to the browser, they gain advantages both for the application, as well as the load on hosting infrastructure.

But if they're running in the browser, how do we secure them? The code is there for all to see. Cookies and local storage aren't 100% safe. And what if the user refreshes?!

JSON Web Tokens provide a way to make sure that user credentials are kept safe, while still allowing browser-based apps to communicate with APIs.

This talk will take you from knowing what JWTs are to understanding how to use them, and where to get started. We'll look at the request lifecycle of the authentication process, and cover best practices for JWT storage and handling.

 
 

Outline/Structure of the Talk

Describe traditional web apps, and how single page apps differ

Describe how single page apps work with APIs to get the resources they need for operation

Look at the security issues with restricting access to APIs from single page apps

Introduce JSON Web Tokens, and describe their format, purpose, and utility

Describe the communication flow of a JSON Web Token in a single page application environment

Highlight the data storage precautions with working with JSON Web Tokens in single page applications

Describe solutions to the non-persistent nature of data in a single page application

Learning Outcome

You will understand the complexities in dealing with cookies, tokens, auth, and resource access, and learn how to create truly secure single page apps.

Target Audience

Software Developers

schedule Submitted 5 months ago

Public Feedback

comment Suggest improvements to the Speaker