15:30 - 16:30
OAuth is the standard protocol for securing APIs and user authentication (when you layer OpenID Connect on top). But OAuth is not just a single protocol – it’s a family of specifications – and new ones get added as we speak.
This talk looks at the latest revision of OAuth, called OAuth 2.1, and picks out a couple of useful additional specifications that help you improve the security of your token-based systems. Expect information on key rotation, the JWT profile, resource indicators, JAR & PAR, and proof-of-possession access tokens.