Web API Authorization & Access Control – done right!

Cite

Norwegian Developers Conference (NDC)

Baier, Dominick

Formal Metadata

Title

Web API Authorization & Access Control – done right!

Title of Series

NDC Oslo 2014

Number of Parts

170

Author

Baier, Dominick

License

CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this

Identifiers

10.5446/50593 (DOI)

Publisher

Norwegian Developers Conference (NDC)

Release Date

2014

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

I spent the last three years building application back-ends using Web APIs so that arbitrary client technologies can consume them. This creates a number of interesting challenges around authentication and authorization. Embracing token-based authentication, claims and the OAuth2 design patterns simplified many of the complex scenarios. This talk illustrates which tools we have built to make our lifes easier and what works well and what doesn’t - together with some war stories and tips from the trenches.