Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Make your SPA a maximum security prison

Martin Gontovnikas
October 23, 2014
Programming
2
3.2k

Make your SPA a maximum security prison

Everybody has been creating Single Page Apps lately. They look neat and fast. Handling authentication in an SPA can be tricky though: Cookies, Tokens, Right to access URLs and Resources. Which one is better? In this talk, I explore all these options: pros and cons. We’ll use AngularJS as an example but the concepts apply to any other client technology like Ember.js or vanilla JS.

Martin Gontovnikas

October 23, 2014
Tweet

More Decks by Martin Gontovnikas

See All by Martin Gontovnikas
Make your SPA a maximum security prison - ConFoo Version
mgonto
2
350
Intro to JWT
mgonto
1
1.3k
Death To Cookies: Long Live JSON Web Tokens
mgonto
0
910
Models and Rest APIs on AngularJS with Restangular
mgonto
5
6.3k
Reactive Angular
mgonto
11
2.3k

Other Decks in Programming

See All in Programming
코틀린으로 멀티플랫폼 만들기
pangmoo
0
150
PostmanでAPIの動作確認が楽になった話
h455h1
0
170
Milestoner
bkuhlmann
1
410
Prepare for Jakarta EE 11 - Performance and Developer Productivity
ivargrimstad
0
730
Azure OpenAI Serviceのプロンプトエンジニアリング入門
tomokusaba
3
680
スキーマ駆動開発による品質とスピードの両立 - 私達は何故、スキーマを書くのか
kentaroutakeda
0
170
2 週間で Twitter Bot を作ってみた
contour_gara
0
310
AWS CDKコントリビュートTIPS / aws-cdk-contribution-tips
gotok365
2
120
Build Apps for iOS, Android & Desktop in 100% Kotlin With Compose Multiplatform (mDevCamp 2024)
zsmb
0
290
1BRC--Nerd Sniping the Java Community
gunnarmorling
0
340
Git Rebase
bkuhlmann
11
1.6k
単体テストを書かない技術 #phpcon_odawara
o0h
PRO
26
8.2k

Featured

See All Featured
Six Lessons from altMBA
skipperchong
21
3k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
14
1.6k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
Fantastic passwords and where to find them - at NoRuKo
philnash
37
2.5k
Scaling GitHub
holman
457
140k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
19
1.7k
Raft: Consensus for Rubyists
vanstee
132
6.3k
Creatively Recalculating Your Daily Design Routine
revolveconf
210
11k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
How STYLIGHT went responsive
nonsquared
92
4.8k

Transcript

  1. Make your SPA a maximum security prison

  2. @woloski @mgonto CTO & Founder Auth0 Dev Advocate Auth0

  3. Identity made simple for developers

  4. Authentication for Modern Applications using Tokens angular-­‐storage
 ! angular-­‐jwt

  5. Browser Web Server auth C C Most of the web

  6. Browser Web Server (Python) Realtime (Node) C M modern apps

  7. Browser Web Server (Python) Realtime (Node) C M ! Cookies

    are coupled to the web framework modern apps

  8. Browser Web Server (Python) Realtime (Node) C M API (Node)

    A Phones Tablets A modern apps

  9. Browser Web Server (Python) Realtime (Node) C M API (Node)

    A APIs don’t use Cookies Phones Tablets A modern apps

  10. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A Phones Tablets A modern apps

  11. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A FIREBASE F Phones Tablets A modern apps

  12. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A ! Cookies don’t “flow” FIREBASE F Phones Tablets A modern apps

  13. A better approach Token-based Authentication JSON Web Tokens

  14. auth0/angularjs-jwt-authentication-tutorial Demo time!

  15. Browser modern apps Web Server (Python) Realtime (Node) API (Ruby)

    API (Node) AWS S3 Phones Tablets

  16. 5 t-shirts Bitcoins Stickers Thanks!