How to auth your API in 2020
2020.02.07 | Marius Schmidt
What kind if auth mechanism exist?
Getting acquainted with OAuth2
- What the heck is OAuth?
- Why Mastercard Doesn't Use OAuth 2.0
- Want to Secure Your APIs? You’ll Need OAuth 2.0 for That
Thoughts on why JWT for Session might not be the best choice
- The hard parts of JWT scurity nobody talks about
- Stop using JWT for sessions
- Stop using JWT for sessions, part 2. Why your solution does not work
- Why JWTs suck as session tokens
- What happens, if your JWT is stolen
Using Keycloak for Auth
What are the the big ones using?