Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Death to Cookies, Long Live JSON Web Tokens
Search
Matias Woloski
March 19, 2015
Technology
2
270
Death to Cookies, Long Live JSON Web Tokens
Matias Woloski
March 19, 2015
Tweet
Share
More Decks by Matias Woloski
See All by Matias Woloski
Death to Cookies Long Live Tokens - Gluecon 2014
woloski
0
170
jsconf.uy - Death to Cookies Long Live Tokens
woloski
0
42
Death to Cookies, Long Live Tokens
woloski
5
680
Other Decks in Technology
See All in Technology
『バイトル』CTOが語る! AIネイティブ世代と切り拓くモノづくり組織
dip_tech
PRO
1
130
業務効率化をさらに加速させる、ノーコードツールとStep Functionsのハイブリッド化
smt7174
2
140
20201008_ファインディ_品質意識を育てる役目は人かAIか___2_.pdf
findy_eventslides
2
640
Sansan Engineering Unit 紹介資料
sansan33
PRO
1
3k
カンファレンスに託児サポートがあるということ / Having Childcare Support at Conferences
nobu09
1
590
JAZUG 15周年記念 × JAT「AI Agent開発者必見:"今"のOracle技術で拡張するAzure × OCIの共存アーキテクチャ」
shisyu_gaku
1
160
このままAIが発展するだけでAGI達成可能な理由
frievea
0
110
難しいセキュリティ用語をわかりやすくしてみた
yuta3110
0
140
Geospatialの世界最前線を探る [2025年版]
dayjournal
1
220
Git in Team
kawaguti
PRO
3
380
Introduction to Sansan Meishi Maker Development Engineer
sansan33
PRO
0
310
Introduction to Bill One Development Engineer
sansan33
PRO
0
300
Featured
See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
274
41k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
The Straight Up "How To Draw Better" Workshop
denniskardys
238
140k
Speed Design
sergeychernyshev
32
1.2k
KATA
mclloyd
32
15k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Building Adaptive Systems
keathley
44
2.8k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Code Review Best Practice
trishagee
72
19k
Producing Creativity
orderedlist
PRO
347
40k
Side Projects
sachag
455
43k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.6k
Transcript
Death to Cookies Long Live JSON Web Tokens
@woloski CTO & Founder Auth0
Identity made simple for developers
Authentication for Modern Applications using Tokens
Browser Web Server auth C C Most of the web
Browser Web Server (PHP) Realtime (Node) C M modern apps
Browser Web Server (PHP) Realtime (Node) C M Cookies are
coupled to the web framework modern apps
Browser Web Server (PHP) Realtime (Node) C M API (Node)
A Phones Tablets A modern apps
Browser Web Server (PHP) Realtime (Node) C M API (Node)
A APIs don’t use Cookies Phones Tablets A modern apps
Browser Web Server (PHP) Realtime (Node) C M API (Ruby)
API (Node) A A Phones Tablets A modern apps
Browser Web Server (PHP) Realtime (Node) C M API (Ruby)
API (Node) A A AWS S3 S Phones Tablets A modern apps
Browser Web Server (Python) Realtime (Node) C M API (Ruby)
API (Node) A A Cookies don’t “flow” AWS S3 S Phones Tablets A modern apps
A better approach Token-based Authentication JSON Web Tokens https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30
auth0/deathcookies-talk Demo time!
TouchID Ask User to Login with TouchID Is Private Key
on KeyChain? Generate Key Pair Store Public Key on Server Generate JWT & Sign with Private Key Validate JWT with Public Key on Server Yes No
Browser modern apps Web Server (Python) Realtime (Node) API (Ruby)
API (Node) AWS S3 Phones Tablets
Thanks! @woloski @auth0 auth0.com/jobs
Appendix
None
None
Token expires, deal with refresh
Confidential info, encrypt it
Social auth
Tokens can get big Don’t over engineer Don’t do fine
grained permissions Define scopes
How to deal with protected images? https://github.com/hueniverse/hawk#single-uri-authorization Create signed requests
(single URI authorization)
woloski
dip_tech
smt7174
findy_eventslides
sansan33
nobu09
shisyu_gaku
frievea
yuta3110
dayjournal
kawaguti
aarron
kastner
denniskardys
sergeychernyshev
mclloyd
mongodb
keathley
addyosmani
trishagee
orderedlist
sachag
garrettdimon
