I just finished my session on enterprise-level API security with OAuth2 / OIDC – so for all of you who were there (and those who weren’t :-)), as promised, you can find my slides and code on my GitHub. Here’s what it was all about:
You probably know how to secure your API with access tokens, but did you know you can use reference tokens to improve security? The token exchange standard for delegated access? A custom grant for API-to-API access? And what about improving client authentication for those use cases where client ID & client secret don’t cut it anymore? In this in-depth session we’ll cover all of these topics, extensively using IdentityServer4 in the process. Note that some previous knowledge of OAuth2 and OpenID Connect is a must.
Happy coding!