Full Stack Web Development

W09 Securing Web APIs from JavaScript/SPA Applications


1:30pm - 2:45pm

Level: Intermediate

Brock Allen

Application Security Architect

Modern web development means that more and more application code is running in the browser as JavaScript. This architectural shift requires us to change how we perform authentication and authorization. Fortunately, using modern protocols such as OpenID Connect you don’t need to invent your own solution for this new environment. This session will show you the modern approach for browser-based JavaScript applications to authenticate users, and perform secure web api invocations. As you might expect, security is sufficiently complex and so even modern security comes with its own set of challenges. Luckily, we will show off some libraries that help manage this complexity so your application doesn’t have to.

You will learn:

  • Why we don't use cookies for securing Ajax calls
  • How to use OpenID Connect to obtain tokens in JavaScript apps
  • Protecting web APIs with token-based security