In the intricate landscape of web development, security remains paramount. As professionals who architect, build, and maintain web applications, there is a delicate balance between user experience and safeguarding sensitive data.
In this talk, Rajesh Muthusamy (Engineering Manager at Cognizant) discusses the importance of security in web applications and how OAuth 2.0 and OpenID Connect (OIDC) are best practices for enhancing authentication and authorisation.
His talk explores:
Understanding Token Types and Their Purposes: Find out more on the different types of tokens that OAuth 2.0 and OIDC utilise from access that tokens grant access to specific resources, to refresh tokens that allow for the obtaining of new access tokens without re-authentication.
Client Registration and Configuration: Learn how to properly register your application with an authorisation server and configure client id, redirect URIs, scopes, states, and verification mechanisms, ensuring are secure and effective authentication and authorisation.
Implementing Scopes for Fine-Grained Access Control: Scopes are an important aspect of OAuth 2.0 and OIDC, dictating the level of access and permissions for users. Explore how to carefully design and implement scopes to define and restrict access to specific resources, ensuring security and appropriate permissions are maintained.
The Significance of Secure Token Storage: Storing refresh tokens securely is critical to maintaining the security of a web application. Mishandling tokens can lead to security vulnerabilities. Rajesh shares more on best practices in secure token storage.
Utilising Identity Providers for SSO and Enhanced Security: Rajesh demonstrates how leveraging identity providers like Google allows for single sign-on (SSO) and reduces the need for repeated password entry. These providers help in simplifying the authentication process and enhance security by using established authentication systems.