Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Death to Cookies Long Live Tokens - Gluecon 2014

Matias Woloski
May 31, 2014
Technology
0
160

Death to Cookies Long Live Tokens - Gluecon 2014

Cookies have been around for decades and have served us well. Nobody questions their usefulness. However, modern apps demand a better approach. This session is all about the natural successor to cookies: using a token-based design. Tokens help build apps that are assembled on multiple stacks, that use your own and 3rd party APIs, that run on-premises and the cloud. They help easily “flow” user identity across all layers and security contexts, regardless of how they authenticated. And help you deal with CORS and XSRF. Join a code session in which we’ll implement a token-based app using AngularJs and an API.

Code for this presentation is here
https://github.com/auth0/death-to-cookies-gluecon

Matias Woloski

May 31, 2014
Tweet

More Decks by Matias Woloski

See All by Matias Woloski
Death to Cookies, Long Live JSON Web Tokens
woloski
2
260
jsconf.uy - Death to Cookies Long Live Tokens
woloski
0
39
Death to Cookies, Long Live Tokens
woloski
5
670

Other Decks in Technology

See All in Technology
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
25
6.2k
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
350
マイベストのデータ基盤の現在と未来 / mybest-data-infra-asis-tobe
mybestinc
2
2k
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
1
700
Windows Autopilot Deployment by OSD Guy
tamaiyutaro
0
320
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
3
280
強いチームと開発生産性
onk
PRO
22
7.6k
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.1k
SREの組織類型に応じた リーダシップの考察
kenta_hi
PRO
1
630
Lexical Analysis
shigashiyama
1
140
3次元点群データ「VIRTUAL SHIZUOKA』のオープンデータ化による恩恵と協働の未来/FOSS4G Japan 2024
kazz24s
0
140
音声×Copilot オンコパの世界
kasada
1
120

Featured

See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.2k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Gamification - CAS2011
davidbonilla
80
5k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
Docker and Python
trallard
40
3.1k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Visualization
eitanlees
145
15k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
We Have a Design System, Now What?
morganepeng
50
7.2k

Transcript

  1. Death to Cookies Long Live Tokens @woloski @eugenio_pace #tokensftw

  2. Browser Web Server auth C C Most of the web

  3. Browser Web Server (Python) Realtime (Node) C M modern apps

  4. Browser Web Server (Python) Realtime (Node) C M ! Cookies

    are coupled to the web framework modern apps

  5. Browser Web Server (Python) Realtime (Node) C M API (Node)

    A Phones Tablets A modern apps

  6. Browser Web Server (Python) Realtime (Node) C M API (Node)

    A Set-Cookie + CORS = doesn’t play well Phones Tablets A modern apps

  7. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A Phones Tablets A modern apps

  8. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A AWS S3 S Phones Tablets A modern apps

  9. Browser Web Server (Python) Realtime (Node) C M API (Ruby)

    API (Node) A A ! Cookies don’t “flow” AWS S3 S Phones Tablets A modern apps

  10. http://tools.ietf.org/html/draft-ietf-oauth-json-web-token A better approach Token-based Authentication

  11. https://github.com/ auth0/death-to-cookies- gluecon Demos

  12. How it works? jwt.io

  13. Browser modern apps Web Server (Python) Realtime (Node) API (Ruby)

    API (Node) AWS S3 Phones Tablets

  14. Learn more at the Auth0 booth codecademy

  15. Thanks! @woloski @eugenio_pace auth0.com jwt.io