Nashville IAM User Group: What's New with OAuth and OpenID Connect?

April 29, 2021
Thu

Join Aaron Parecki - Senior Security Architect @ Okta and Trey Ray | Manager Cybersecurity | FedEx Services, Information Security

Aaron Parecki is a Senior Security Architect at Okta. He is the author of OAuth 2.0 Simplified, and maintains oauth.net. He regularly writes and gives talks about OAuth and online security. He is a member of the OAuth working group, and is the co-founder of IndieWebCamp, a conference focusing on data ownership and online identity. Aaron has spoken at conferences around the world about OAuth, data ownership, quantified self, and home automation, and his work has been featured in Wired, Fast Company and more.

In this talk you'll learn about the latest developments with the OAuth and OIDC specs directly from Aaron Parecki, the co-author of OAuth 2.1. The latest additions to the specs enable richer experiences and better security for applications and APIs using OAuth. Since the original publication of OAuth 2.0 (RFC 6749) in 2012, several new RFCs have been published that either add or remove functionality from the core spec, including OAuth 2.0 for Native Apps, Proof Key for Code Exchange, OAuth for Browser-Based Apps, and OAuth 2.0 Security Best Current Practice. OAuth 2.1 is an in-progress effort to consolidate and simplify OAuth 2.0 by packaging up all the best practices into a new version of the spec. This session will cover the current status of this ongoing work and what you need to know to be prepared.