Sam Bellen

Knock knock, who's there? Authenticating your single page apps using JSON Web Tokens, by Sam Bellen

When it comes to writing code, there is nothing we take more seriously than authentication and security. Modern single page applications bring new challenges with them. By using solutions like the OpenID Connect protocol and JSON Web Tokens, we can improve the user experience when authenticating with your apps and provide a seamless authentication process.

In this talk I will explain in depth how JSON Web Tokens work and how they can be used to secure your single page apps. I will explain the difference between using opaque tokens and JWTs. The talk will also give an overview of a modern authentication flow and a step-by-step breakdown of how exactly it works. No specific previous knowledge is required, but it helps if the audience has some experience with authenticating users.

Talk Questions

  • Question 55
    What is the best practice to store the JWT in the browser?
  • Question 54
    How to revoke the JWT?
  • Question 52
    What do you recommend for the signing: secret key or public / private key pair?
  • Question 58
    How do you handle access token invalidation?
  • Question 59
    What is the recommended time to expire a token?
  • Question 56
    Sorry, a little bit out of topic but have you heard about blockchain's Indie project (project about authentication using blockchain)? Will you work on that in Auth0?
  • Question 57
    How would you implement logout with JWT?
  • Question 62
    Should we use tokens with a non-SPA?
  • Question 61
    What is the best technology to store JWTs?
  • Question 63
    How can JWTs be used with other grant types?