User Identity Management in Your Apps with Auth0

Transcript

1. User Identity Management in Your Apps by Prosper Otemuyiwa

2. Who Am I? Prosper Otemuyiwa a.k.a unicodeveloper • Technical Writer

   at Auth0 • Blogger at goodheads.io • Organizer of Lagos PHP & Laravel Meetups • Co-organizer of forLoop Nigeria • Self-Acclaimed Evangelist • Fire Ambassador • Open Sourcerer • Google Developer Expert @unicodeveloper

3. Making applications secure and saving developers man hours since 2013

   @auth0 #HackJos - @unicodeveloper A tweet that will save developers’ lives!

4. • It is as simple as it sounds. Managing Identities

   - User Identities. • Almost every application needs some form of process to manage user identities. • Authentication • Authorization What the Hell is User Identity Management?

5. • You are doing something simple • Highly experienced or

   part of a strong team - been building authentication for apps, services for years • Small budget Why build User Identity Management?

6. Wait...what? Buy? Why buy Identity Management?

7. What If I told you that User Identity Management can

   really become so complex?

8. 1. Do you have users who will authenticate with more

   than one Identity Provider? 2. Do you have multiple applications which will need to authenticate? Now do they use the same stack? 3. What analytics will you need for account creation and authentication events? 4. How will you flag and mitigate anomalies in user management and authentication events? Ask Yourself the Following Questions?

9. 5. How can you stay on top of potential security

   vulnerabilities? 6. Can you/your team securely configure authentication infrastructure? On-premises and in private cloud instances? 7. What is your Multifactor Authentication Strategy? How will you integrate it across different clients? Ask Yourself the Following Questions?

10. 8. How will you on-board new B2B Customers wanting SSO

    for your service? 9. Can you federate with partners who use Active Directory behind the firewall? 10. Have you thought about implementing brute-force protection and DDOS prevention? Identity systems are an attractive target for attacks. Ask Yourself the Following Questions?

11. 11. Have you considered scalability, performance, and replication/availablity requirements for

    your user store? 12. How will you implement OpenID Connect across development stacks and clients? 13. How will you handle reports from the security community of vulnerabilities in your identity implement? Ask Yourself the Following Questions?

12. ❖ Half a billion Yahoo accounts were leaked in large-scale

    data breach in 2014 ❖ Dropbox Data breach: 68 million user account details leaked ❖ LinkedIn Data breach: 117 million emails and passwords leaked in 2012 What about Security? Oh Major Key!

13. All just for User Identity? I AM NOT CRYING! When

    will I implement the core business logic?

14. Relax Buddy….Auth0 got your back!!

15. Auth0 offers the following for authentication... • Lock Widget •

    Passwordless ( SMS, Magic Link, Touch ID) • Guardian ( Multi-Factor Authentication made easy) • Supports over 30 social login providers • Breached Password detection • Anomaly detection • Single Sign On More info here https://auth0.com/how-it-works

16. Before you decide to trust Auth0…... Check this out: •

    We maintain over 100 open source projects including your favorites: passportjs, node-jsonwebtoken and express-jwt • A team of highly experienced & world-class specialists including Jared( creator of passport), Eugene Kogan( Security expert, previously at the US Department of Defense) • Auth0 is OpenID Certified, SOC Type II Certified and offers HIPAA BAA Compliance

17. @unicodeveloper JUST SHOW ME HOW TO SAVE TIME!!!!

18. Goals: • Users should be able to sign in to

    the app to unlock a tasty plate of Nigerian Jollof • Users should be able to sign in with either username & password, facebook, google, or twitter • User Analytics needed. #HackJos: Build an App

19. 1. Sign up for an Auth0 account 2. Create a

    new app from your Dashboard #HackJos : Build an App (Web)

20. 3. Click on the “Quickstart tab” Just after creating the

    app to get started with a boilerplate for any technology you want to use. - AngularJS - React - Vue - Aurelia - Ember - CycleJS ...many more! #HackJos: Build an App (Web)

21. #HackJos: Build an App (Web) 4. Replace your CLIENT_ID &

    DOMAIN with the real values from your dashboard. 5. Specify a callback URL & also “Allowed Origins”
22. None
23. None
24. None
25. None

26. • Grab all the data

27. • User Analytics

28. #HackJos: Build an App (Web) Want to see more code?

    Check out this demo project here: https://github.com/unicodeveloper/hackjos-demo

29. Success Stories “Getting identity management out of the way was,

    surprisingly, a really big deal, both to these proud institutions, and to the federal government. Ever since this project started, we’ve become the NIH’s shining example of how to share data among disparate institutions.” - David Bernick, Director of Technology, Harvard Medical School Department of Bioinformatics “Setting up our application to integrate with one partner and then having that partner act as a service hub for dozens of identity systems helps simplify work for our core development teams, while allowing our customer base to grow exponentially.” – Cris Concepcion, Engineering Manager at Safari Books Online “Thanks you for your help. We saw over 1.3 million registrations and our campaign got a social media sentiment score of over 95% positive, so it has been deemed a great success!!” — AKQA – Agency implementing the campaign for Marks and Spencer Companies that trust Auth0 - https://auth0.com/customers

30. Thanks #HackJos! Any Questions?