15:00 - 16:00 (UTC±00)
Talk (60 min)
How to develop to be compliant with OAuth 2.1 out of the gate
Authorization and authentication are two of the main problems in modern web application security. They were both solved by OAuth 2.0 and OpenID Connect (OIDC). The OAuth community has patched and added to the OAuth spec over the years. If you want to implement a secure OAuth solution today, it requires reading many RFCs and Best Current Practices (BCPs). OAuth 2.1 is an in-progress effort to consolidate and simplify the most commonly used features of OAuth 2.0. I want to discuss the details of OAuth 2.1 and the development approach for current projects to be compliant with OAuth 2.1 out of the gate. To demo the implementation, I use .NET 5 and IdentityServer4, which is one of the most popular open source frameworks for OpenID Connect and OAuth 2.0 on ASP.NET Core.