All sessions are in PDT (UTC -7)
Wednesday, September 9 • 10:20am - 10:50am
Not your Uncle's Auth: OAuth2.1 and Other Updates in Securing Your API - Vittorio Bertocci, Auth0

OAuth 2.0 and adjacent technologies, such as the JWT format, have been extraordinarily successful in providing a viable mechanism for authorizing API calls in a wide variety of scenarios.
The lax nature of the specification, however, left a lot as an exercise for the reader, which resulted in many insecure and non-interoperable deployments. The standards group worked to fill the gaps by releasing a sequence of addenda to the core spec, fleshing out new scenarios (native clients, SPAs), security recommendations and more, making it very hard for implementers to keep up with what's really needed to develop secure solutions.
OAuth 2.1 is a proposed update to the core spec that folds the most salient new guidance back in; together with important new updates, such as a profile detailing how to use JWT tokens in OAuth in an interoperable fashion, it represents a new breed of guidance that will streamline your API security strategy. Come to this session to learn about those changes and how you can take advantage of them in your solution!

Vittorio Bertocci

Principal Architect, Auth0
Vittorio Bertocci is Principal Architect at Auth0, where he focuses on product innovation and standards. Prior to Auth0, he spent 17 years at Microsoft, where he worked on identity and developer experience across multiple products and audiences. Vittorio is a recognized expert in the...

Wednesday September 9, 2020 10:20am - 10:50am PDT