Episode 39: Authentication for JavaScript Apps - Kim Maida
Kim Maida talks with us about authentication, rolling your own security, SDKs for apps on Auth0, groups vs claims vs scopes, storing tokens on the client side, and how short a life access tokens should have.
Recording date: 2019-06-18
John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Kim Maida @KimMaida
Resources:
- Auth0
- Google OAuth 2.0
- OpenID Connect
- Auth0 Blog
- Identity Server
- NG Vikings
- Authstronomy: The Science of Authenticating Angular Apps by Kim Maida
Someone to follow
Timejumps
- 00:40 Topic & guest introduction
- 03:56 What are some of the issues with rolling your own security?
- 07:18 Where do you start with security?
- 13:57 SDKs for Apps on Auth0
- 20:15 Groups vs claims vs scopes
- 23:23 Is storing tokens on the client side a bad thing?
- 28:45 Sponsor: IdeaBlade
- 29:44 You don't know what you don't know
- 34:07 How short should access token life be?
- 40:07 NG Vikings Conference
- 42:25 Someone to follow