Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Death to Cookies Long Live Tokens - Gluecon 2014

Matias Woloski
May 31, 2014
Technology
0
160

Death to Cookies Long Live Tokens - Gluecon 2014

Cookies have been around for decades and have served us well. Nobody questions their usefulness. However, modern apps demand a better approach. This session is all about the natural successor to cookies: using a token-based design. Tokens help build apps that are assembled on multiple stacks, that use your own and 3rd party APIs, that run on-premises and the cloud. They help easily “flow” user identity across all layers and security contexts, regardless of how they authenticated. And help you deal with CORS and XSRF. Join a code session in which we’ll implement a token-based app using AngularJs and an API.

Code for this presentation is here
https://github.com/auth0/death-to-cookies-gluecon

Matias Woloski

May 31, 2014
Tweet

More Decks by Matias Woloski

See All by Matias Woloski
Death to Cookies, Long Live JSON Web Tokens
woloski
2
250
jsconf.uy - Death to Cookies Long Live Tokens
woloski
0
35
Death to Cookies, Long Live Tokens
woloski
5
660

Other Decks in Technology

See All in Technology
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
170
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
1.3k
Tellus の衛星データを見てみよう #mf_fukuoka
kongmingstrap
0
190
一生覚えておきたい「システム開発=コミュニケーション」〜初めての実務案件振り返りLT〜
maimyyym
0
140
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
350
FrontDoorとWebAppsを組み合わせた際のリダイレクト処理の注意点
kenichirokimura
1
530
GrafanaMeetup_AmazonManagedGrafanaのアクセス制御機能とマルチテナント環境下でのアクセス制御について
daitak
0
240
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
5
390
アクセス制御にまつわる改善 / Improving access control
itkq
0
540
20分で完全に理解するGrafanaダッシュボード
hamadakoji
3
650
MySQL の SQL クエリチューニングの要所を掴む勉強会
andpad
3
6.4k
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
160

Featured

See All Featured
YesSQL, Process and Tooling at Scale
rocio
164
13k
Rebuilding a faster, lazier Slack
samanthasiow
73
8.2k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
78
42k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
125
32k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Faster Mobile Websites
deanohume
299
30k
Atom: Resistance is Futile
akmur
259
25k
Building Your Own Lightsaber
phodgson
99
5.7k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
Unsuck your backbone
ammeep
663
57k

Transcript

  1. Death to Cookies Long Live Tokens @woloski @eugenio_pace #tokensftw

  2. Browser Web Server auth C C Most of the web

  3. Browser Web Server (Python) Realtime (Node) C M modern apps

  4. Browser Web Server (Python) Realtime (Node) C M ! Cookies

    are coupled to the web framework modern apps

  5. Browser Web Server (Python) Realtime (Node) C M API (Node)

    A Phones Tablets A modern apps

  6. Browser Web Server (Python) Realtime (Node) C M API (Node)

    A Set-Cookie + CORS = doesn’t play well Phones Tablets A modern apps

  7. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A Phones Tablets A modern apps

  8. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A AWS S3 S Phones Tablets A modern apps

  9. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A ! Cookies don’t “flow” AWS S3 S Phones Tablets A modern apps

  10. http://tools.ietf.org/html/draft-ietf-oauth-json-web-token A better approach Token-based Authentication

  11. https://github.com/ auth0/death-to-cookies- gluecon Demos

  12. How it works? jwt.io

  13. Browser modern apps Web Server (Python) Realtime (Node) API (Ruby)

    API (Node) AWS S3 Phones Tablets

  14. Learn more at the Auth0 booth codecademy

  15. Thanks! @woloski @eugenio_pace auth0.com jwt.io