16:00 - 16:45
Ever since the introduction of OAuth 2.0, the framework has been in continuous evolution. The initial specification addressed a strong need for delegation; since then, various addenda have focused on the needs of modern applications. Today, many of the original OAuth 2.0 flows are deprecated, and the best practices for Single Page Applications are in constant evolution. In this talk, we will investigate these recent changes. We will look at the use of the “Proof Key for Code Exchange” (PKCE) flow in the browser and investigate how Single Page Applications handle tokens and the security measures that SDKs often implement out-of-the-box. We will also look at refresh tokens in the browser, and what you need to do to make them work. You will walk away with a solid overview of recent evolutions in OAuth 2.0, and where to use them in your applications.