Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Make your SPA a maximum security prison

Martin Gontovnikas
October 23, 2014
Programming
2
3.2k

Make your SPA a maximum security prison

Everybody has been creating Single Page Apps lately. They look neat and fast. Handling authentication in an SPA can be tricky though: Cookies, Tokens, Right to access URLs and Resources. Which one is better? In this talk, I explore all these options: pros and cons. We’ll use AngularJS as an example but the concepts apply to any other client technology like Ember.js or vanilla JS.

Martin Gontovnikas

October 23, 2014
Tweet

More Decks by Martin Gontovnikas

See All by Martin Gontovnikas
Make your SPA a maximum security prison - ConFoo Version
mgonto
2
350
Intro to JWT
mgonto
1
1.3k
Death To Cookies: Long Live JSON Web Tokens
mgonto
0
960
Models and Rest APIs on AngularJS with Restangular
mgonto
5
6.3k
Reactive Angular
mgonto
11
2.4k

Other Decks in Programming

See All in Programming
LLM生成文章の精度評価自動化とプロンプトチューニングの効率化について
layerx
PRO
2
180
Snowflake x dbtで作るセキュアでアジャイルなデータ基盤
tsoshiro
2
510
RubyLSPのマルチバイト文字対応
notfounds
0
110
EventSourcingの理想と現実
wenas
6
2.3k
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
160
タクシーアプリ『GO』のリアルタイムデータ分析基盤における機械学習サービスの活用
mot_techtalk
4
950
AWS IaCの注目アップデート 2024年10月版
konokenj
3
3.3k
Identifying User Idenity
moro
6
9.8k
Compose 1.7のTextFieldはPOBox Plusで日本語変換できない
tomoya0x00
0
170
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
1
640
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
2
560
Content Security Policy入門 セキュリティ設定と 違反レポートのはじめ方 / Introduction to Content Security Policy Getting Started with Security Configuration and Violation Reporting
uskey512
1
510

Featured

See All Featured
Designing the Hi-DPI Web
ddemaree
280
34k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.2k
Measuring & Analyzing Core Web Vitals
bluesmoon
3
90
Code Review Best Practice
trishagee
64
17k
Statistics for Hackers
jakevdp
796
220k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Six Lessons from altMBA
skipperchong
27
3.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
43
2.2k
The Language of Interfaces
destraynor
154
24k
What's new in Ruby 2.0
geeforr
343
31k
How to train your dragon (web standard)
notwaldorf
88
5.7k

Transcript

  1. Make your SPA a maximum security prison

  2. @woloski @mgonto CTO & Founder Auth0 Dev Advocate Auth0

  3. Identity made simple for developers

  4. Authentication for Modern Applications using Tokens angular-­‐storage
 ! angular-­‐jwt

  5. Browser Web Server auth C C Most of the web

  6. Browser Web Server (Python) Realtime (Node) C M modern apps

  7. Browser Web Server (Python) Realtime (Node) C M ! Cookies

    are coupled to the web framework modern apps

  8. Browser Web Server (Python) Realtime (Node) C M API (Node)

    A Phones Tablets A modern apps

  9. Browser Web Server (Python) Realtime (Node) C M API (Node)

    A APIs don’t use Cookies Phones Tablets A modern apps

  10. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A Phones Tablets A modern apps

  11. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A FIREBASE F Phones Tablets A modern apps

  12. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A ! Cookies don’t “flow” FIREBASE F Phones Tablets A modern apps

  13. A better approach Token-based Authentication JSON Web Tokens

  14. auth0/angularjs-jwt-authentication-tutorial Demo time!

  15. Browser modern apps Web Server (Python) Realtime (Node) API (Ruby)

    API (Node) AWS S3 Phones Tablets

  16. 5 t-shirts Bitcoins Stickers Thanks!