Web Rush

Episode 39: Authentication For Javascript Apps - Kim Maida

Episode Summary

Kim Maida talks with us about authentication, rolling your own security, SDK for apps on Auth0, Groups vs claims vs scopes, storing tokens on client side, and how short a life should access tokens have?

Episode Notes

Recording date: 2019-06-18

John Papa @John_Papa

Ward Bell @WardBell

Dan Wahlin @DanWahlin

Kim Maida @KimMaida

Resources:

• Auth0
• Google OAuth 2.0
• Open ID Connect
• Auth0 Blog
• Identity Server
• NG Vikings
• Authstronomy: The Science of Authenticating Angular Apps by Kim Maida

Someone to follow

• @DavidPich
• Dr. Becky Astrophysicist
• Kapehe

Timejumps

• 00:40 Topic & guest introduction
• 03:56 What are some of the issues with rolling your own security?
• 07:18 Where do you start with security?
• 13:57 SDKs for Apps on Auth0
• 20:15 Groups vs Claims vs scopes
• 23:23 Is storing tokens on the client side a bad thing?
• 28:45 Sponsor: IdeaBlade
• 29:44 You don't know what you don't know
• 34:07 How short should access token life be?
• 40:07 NG Vikings Conference
• 42:25 Someone to follow