Track 2

15:00 - 16:00 (UTC±00)

Talk (60 min)

How to develop to be compliant with OAuth 2.1 out of the gate

Authorization and authentication are two of the main problems in modern web application security. They were both solved by OAuth 2.0 and OpenID Connect (OIDC). The OAuth community has patched and added to the OAuth spec over the years. If you want to implement a secure OAuth solution today, it requires reading many RFCs and Best Current Practices (BCPs). OAuth 2.1 is an in-progress effort to consolidate and simplify the most commonly used features of OAuth 2.0. I want to discuss the details of OAuth 2.1 and the development approach for current projects to be compliant with OAuth 2.1 out of the gate. To demo the implementation, I use .NET 5 and IdentityServer4, which is one of the most popular open source frameworks for OpenID Connect and OAuth 2.0 on ASP.NET Core.


Nahid Farrokhi

I am a software developer with a career focus on back-end development and architecture. I am constantly moving forward to learn new skills and extend my abilities. Recently, I have been spending most of my spare time reading, developing and writing about web application security.