A token walks into a SPA
Single Page Apps are slick and fast. By moving much of the business logic into the browser, they gain advantages both for the application itself and for the load placed on the hosting infrastructure.
But if they're running in the browser, how do we secure them? The code is there for all to see. Cookies and local storage aren't 100% safe. And what if the user refreshes?!
JSON Web Tokens provide a way to keep user credentials safe while still allowing browser-based apps to communicate with APIs.
This talk will take you from knowing what JWTs are to understanding how to use them, and where to get started. We'll look at the request lifecycle of the authentication process, and cover best practices for JWT storage and handling.
Outline/Structure of the Talk
Describe traditional web apps, and how single page apps differ
Describe how single page apps work with APIs to get the resources they need for operation
Look at the security issues with restricting access to APIs from single page apps
Introduce JSON Web Tokens, and describe their format, purpose, and utility
Describe the communication flow of a JSON Web Token in a single page application environment
Highlight the data storage precautions to take when working with JSON Web Tokens in single page applications
Describe solutions to the non-persistent nature of data in a single page application
You will understand the complexities of dealing with cookies, tokens, auth, and resource access, and learn how to create truly secure single page apps.