Artwork

Indhold leveret af Dariusz Kalbarczyk. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Dariusz Kalbarczyk eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
Player FM - Podcast-app
Gå offline med appen Player FM !

AMP 26: Rethinking Auth for SPAs and Micro Frontends by Manfred Steyer

23:05
 
Del
 

Manage episode 333268719 series 2933705
Indhold leveret af Dariusz Kalbarczyk. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Dariusz Kalbarczyk eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.

What's up everyone, this is Dariusz Kalbarczyk co-founder of NG Poland, JS Poland, AngularMaster.dev & WorkshopFest.dev. Welcome back to the Angular Master Podcast.

Today, together with Manfred Steyer, who is an excellent Speaker, Trainer, Consultant and Author with focus on Angular. We will talk about Auth for SPAs and Micro Frontends

  1. You started a blog series where you tell us that the browser is no safe place for storing security tokens. However, it’s quite modern to directly use JWT tokens, OAuth 2 and OpenId Connect in the browser. What’s the reason for this?
  2. Do we need to panic, if we still use tokens in the browser?
  3. If we should not directly use security tokens in the browser, how to implement Single-Sign-on with existing identity solutions like Active Directory?
  4. How to deal with APIs of different origins?
  5. You also mention that there is a way to use these ideas to improve security while making everything easier. How is this even possible?
  6. Let’s assume, we have installed and configured such a Security Gateway. What do I need to do on the client-side for authentication and authorization?
  7. And what do I need to do on the server-side?
  8. Can you tell us a bit about your reference implementation for this idea?
  9. You are using ASP.NET Core for this. What to do, if this is not part of our stack?
  10. What Identity Solutions does this implementation support?
  11. What’s with Cross-Site-Request-Forgery Attacks, now, as we have cookies again? Do we need to protect ourselves from them?
  12. You also talked a lot about Micro Frontends recently. Does this approach also work with them or do we have to adjust it?
--- Send in a voice message: https://podcasters.spotify.com/pod/show/angular-master/message
  continue reading

54 episoder

Artwork
iconDel
 
Manage episode 333268719 series 2933705
Indhold leveret af Dariusz Kalbarczyk. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Dariusz Kalbarczyk eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.

What's up everyone, this is Dariusz Kalbarczyk co-founder of NG Poland, JS Poland, AngularMaster.dev & WorkshopFest.dev. Welcome back to the Angular Master Podcast.

Today, together with Manfred Steyer, who is an excellent Speaker, Trainer, Consultant and Author with focus on Angular. We will talk about Auth for SPAs and Micro Frontends

  1. You started a blog series where you tell us that the browser is no safe place for storing security tokens. However, it’s quite modern to directly use JWT tokens, OAuth 2 and OpenId Connect in the browser. What’s the reason for this?
  2. Do we need to panic, if we still use tokens in the browser?
  3. If we should not directly use security tokens in the browser, how to implement Single-Sign-on with existing identity solutions like Active Directory?
  4. How to deal with APIs of different origins?
  5. You also mention that there is a way to use these ideas to improve security while making everything easier. How is this even possible?
  6. Let’s assume, we have installed and configured such a Security Gateway. What do I need to do on the client-side for authentication and authorization?
  7. And what do I need to do on the server-side?
  8. Can you tell us a bit about your reference implementation for this idea?
  9. You are using ASP.NET Core for this. What to do, if this is not part of our stack?
  10. What Identity Solutions does this implementation support?
  11. What’s with Cross-Site-Request-Forgery Attacks, now, as we have cookies again? Do we need to protect ourselves from them?
  12. You also talked a lot about Micro Frontends recently. Does this approach also work with them or do we have to adjust it?
--- Send in a voice message: https://podcasters.spotify.com/pod/show/angular-master/message
  continue reading

54 episoder

Alle episoder

×
 
Loading …

Velkommen til Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Hurtig referencevejledning