API World 2018 has ended
Back To Schedule
Wednesday, September 12 • 3:00pm - 3:50pm
OPEN TALK: Advanced OAuth

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In this talk, Travis Spencer, CEO of Curity, will present many advanced aspects of OAuth. Basic aspects of the protocol, like code flow, different kinds of tokens, etc. will only be mentioned in passing; instead, more advanced aspects of the standard will be addressed, including:

* Hybrid flow
* Dynamic client registration (inc. user-device binding)
* OAuth metadata and how it's used when validating a JWT
* Assisted token flow
* Proof Key for Code Exchange (PKCE or "pixie") 
* Mutual TLS and Proof of Possession (PoP)

Time allowing, other such matters will also be discussed. 

Attendees wishing to make this most of this talk are encouraged to view past presentation on more basic aspects of OAuth if they are not yet familiar. Such talks can be found at https://www.youtube.com/user/nordicapis/search?query=oauth. A basic intro can be found at https://www.youtube.com/watch?v=XGmUlyggXVo.

avatar for Travis Spencer

Travis Spencer

CEO, Curity
Travis has worked extensively with organizations in various industries in both the US, Europe, and elsewhere who are adopting cloud and mobile computing. His broad market exposure coupled with a background in application development allows him to help organizations with low-level... Read More →

Wednesday September 12, 2018 3:00pm - 3:50pm PDT
Workshop Room 1