Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Death to Cookies, Long Live JSON Web Tokens
Search
Matias Woloski
March 19, 2015
Technology
2
250
Death to Cookies, Long Live JSON Web Tokens
Matias Woloski
March 19, 2015
Tweet
Share
More Decks by Matias Woloski
See All by Matias Woloski
Death to Cookies Long Live Tokens - Gluecon 2014
woloski
0
160
jsconf.uy - Death to Cookies Long Live Tokens
woloski
0
35
Death to Cookies, Long Live Tokens
woloski
5
660
Other Decks in Technology
See All in Technology
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
3
240
PHPカンファレンス小田原2024
ysknsid25
3
660
「共通基盤」を超えよ! 今、Platform Engineeringに取り組むべき理由
jacopen
25
5.9k
Data and AI Governance: Existing Challenges and Emerging Trends
scotthsieh825
0
150
人間の尊厳、幸福、アクセシビリティ / 第116回「WEB TOUCH MEETING」アクセシビリティSP
nulabinc
PRO
2
180
SREとその組織類型
tatsuo48
8
1.5k
Janus
bkuhlmann
1
490
シン・Kafka / shin-kafka
oracle4engineer
PRO
7
2.7k
カオナビの利用実績をアウトカムへつなげる旅 / example-of-data-management-startup-in-kaonavi
kaonavi
0
120
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
4
110
Databricks におけるデータエンジニアリング
databricksjapan
0
380
KubeCon EU 2024 Recap “Kubernetes Policy Time Machine: Where to Next?”
ryysud
0
110
Featured
See All Featured
GitHub's CSS Performance
jonrohan
1023
450k
Thoughts on Productivity
jonyablonski
57
3.8k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4.4k
KATA
mclloyd
14
12k
The Illustrated Children's Guide to Kubernetes
chrisshort
29
46k
Agile that works and the tools we love
rasmusluckow
324
20k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Infographics Made Easy
chrislema
237
18k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
Raft: Consensus for Rubyists
vanstee
132
6.2k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
38k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
273
13k
Transcript
Death to Cookies Long Live JSON Web Tokens
@woloski CTO & Founder Auth0
Identity made simple for developers
Authentication for Modern Applications using Tokens
Browser Web Server auth C C Most of the web
Browser Web Server (PHP) Realtime (Node) C M modern apps
Browser Web Server (PHP) Realtime (Node) C M Cookies are
coupled to the web framework modern apps
Browser Web Server (PHP) Realtime (Node) C M API (Node)
A Phones Tablets A modern apps
Browser Web Server (PHP) Realtime (Node) C M API (Node)
A APIs don’t use Cookies Phones Tablets A modern apps
Browser Web Server (PHP) Realtime (Node) C M API (Ruby)
API (Node) A A Phones Tablets A modern apps
Browser Web Server (PHP) Realtime (Node) C M API (Ruby)
API (Node) A A AWS S3 S Phones Tablets A modern apps
Browser Web Server (Python) Realtime (Node) C M API (Ruby)
API (Node) A A Cookies don’t “flow” AWS S3 S Phones Tablets A modern apps
A better approach Token-based Authentication JSON Web Tokens https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30
auth0/deathcookies-talk Demo time!
TouchID Ask User to Login with TouchID Is Private Key
on KeyChain? Generate Key Pair Store Public Key on Server Generate JWT & Sign with Private Key Validate JWT with Public Key on Server Yes No
Browser modern apps Web Server (Python) Realtime (Node) API (Ruby)
API (Node) AWS S3 Phones Tablets
Thanks! @woloski @auth0 auth0.com/jobs
Appendix
None
None
Token expires, deal with refresh
Confidential info, encrypt it
Social auth
Tokens can get big Don’t over engineer Don’t do fine
grained permissions Define scopes
How to deal with protected images? https://github.com/hueniverse/hawk#single-uri-authorization Create signed requests
(single URI authorization)