Most modern applications need security. Enter OpenID Connect and OAuth 2.0. These two security protocols are designed to meet most modern application security needs. Adding the concept of an authorization server is the recommended architecture. But writing such a “security token service” that implements these protocols from scratch is not an easy task. This talk introduces the new and changed approaches to secure your applications and APIs.