OAuth 2.0 allows one to centralize user authentication. JWT tokens allow for signed-in user data to be kept client side, hence no server side session storage is required. The conjunction of both seems to have gained a lot of interest in recent years. During the talk I will introduce you to OAuth 2.0 flows and JWT tokens internals. I will show how those can be used to authenticate and manage user sessions in mobile and modern web applications. I will present the challenges we faced when implementing authentication using OAuth 2.0 flows with JWT tokens in a large PHP based application. We shall try to compare Token based mechanisms to well known PHP server side sessions. I hope to answer the question: Is it worth switching from session mechanism to OAuth 2.0 flow with JWT tokens?

Comments

Comments are closed.

Very nice talk about advantages and disadvantages of JWT tokens. A lot of examples and cases. Very good!

Karol Kreft at 21:53 on 5 Nov 2018

Greg didn't keep the audience in suspense long, answer for question included in the title of his talk was given in his first words, quoting: "No" :) Of course, the long version is, as usual in IT world, "It depends".

Talk was strongly technical, contained the code and diagrams which represents details of architecture. Greg described what JWT is, in what circumstances is useful, how to implement OAuth2.0 and handling common problems at the same time. Examples ware interesting and detailed, they are a big advantage of speech.