Developing New Experiences

T08 Securing Web APIs from Mobile and Native Applications


9:30am - 10:45am

Level: Introductory to Intermediate

Brock Allen

Application Security Architect

Mobile devices and applications are becoming the prominent mechanism for users to operate digitally. Developing for these platforms is new for many developers, and knowing how to build secure applications for these environments is crucial. Fortunately, inventing your own security is not necessary (or recommended); instead, you can rely upon the OpenID Connect protocol. This session shows how to use this protocol to authenticate your users, as well as gain secure access to the backend APIs that support your applications. In addition to these basics, we will discuss more advanced security features of the protocols, including PKCE.

You will learn:

  • How to protect web APIs with token-based security
  • How to use OpenID Connect and OAuth 2 from a native/mobile app
  • How to manage user sessions in native/mobile apps