Full Stack Web Development

W13 Securing Web APIs from JavaScript/SPA Applications

10/10/2018

3:00pm - 4:15pm

Level: Introductory to Intermediate

Brock Allen

Application Security Architect

Modern web development means that more and more application code is running in the browser as JavaScript. This architectural shift requires us to change how we perform authentication and authorization. Fortunately, using modern protocols such as OpenID Connect, you don't need to invent your own solution for this new environment. This session will show you the modern approach for browser-based JavaScript applications to authenticate users, and perform secure web api invocations. As you might expect, security is sufficiently complex and so even modern security comes with its own set of challenges. Luckily, we will show off some libraries that help manage this complexity so your application doesn't have to.