06/10/2020
Warsaw MuleSoft Meetup Group
JSON Web Token demystified
● Introductions & Community Updates
● Introduction to JWT
● JSON Validation Policy
● Consuming service with JWT validation policy
● Quiz & Lottery
● What’s next & Close
Agenda
Introduction
Our partners
● Subject Matter Expert at PwC Poland
● MuleSoft Ambassador
● MuleSoft Meetup Leader for Warsaw, Poland
● Working with MuleSoft products for over 8 years now
● One of Salesforce Trailblazers
https://trailhead.salesforce.com/trailblazers/patryk-bandurski
Organizer / Speaker
Check out my integration blog
https://ambassadorpatryk.com/blog
Share the event
● Share the Meetup in your social media
● Use Hashtags
#MuleSoftMeetup
#WarsawMuleSoftMeetup
Thanks
MuleSoft Connect:Now
Community Updates
MuleSoft CONNECT:Now
MuleSoft CONNECT:Now is a virtual experience bringing you a
full program of technical sessions and content, streamed online
for free!
Register for free: https://connect.mulesoft.com
Developer Meetups at CONNECT:Now events
Meet the MuleSoft Community!
● Hear technical use cases from customer and
partner MuleSoft experts around the globe
● Live chat with MuleSoft Ambassadors!
JOIN ONLINE FOR FREE:
EMEA: October 8, 2020
AMER: October 13, 2020
APAC: October 20, 2020
Register: https://connect.mulesoft.com/
Check out the technical presentations below:
Developer Meetup at CONNECT:Now EMEA
● Twitter
○ Felipe Ocadiz, MuleSoft Ambassador, IT Integration Engineer
○ How to become an Anypoint Studio ninja
● Saint-Gobain
○ Francis Edwards, MuleSoft Ambassador, Integration Analyst
○ Useful integration tools
JOIN FOR FREE: October 8, 2020 (10:30am-11:15am BST)
Register: https://connect.mulesoft.com/events/connect/emea
Check out the technical presentations below:
Developer Meetup at CONNECT:Now Americas
● AT&T
○ Brad Ringer, Principal System Engineer
○ MuleSoft Runtime Fabric: The road to success
● MuleSoft Ambassadress
○ Alexandra Martinez, Sr. MuleSoft Developer, Bits in Glass
○ Reviewing a complex DataWeave transformation
JOIN FOR FREE: October 13, 2020 (10:30am-11:15am PDT)
Register: https://connect.mulesoft.com/events/connect/amer
Check out the technical presentations below:
Developer Meetup at CONNECT:Now JAPAC
● Datacom
○ Mary Joy Sabal, Sr. Integration Developer
○ Using Maven Archetypes to create MuleSoft API Project Templates
● MuleSoft Ambassador
○ Sravan Lingam, Consultant, Virtusa
○ Create a virtual Tic-Tac-Toe game using Object Store v2
JOIN FOR FREE: October 20, 2020 (2:30pm-3:15pm AEDT)
Register: https://connect.mulesoft.com/events/connect/japac
Follow Mariana Lemus on LinkedIn
MuleSoft Ambassadors
● People to learn from
● Active in the MuleSoft Community
● Worth following
● 20 MuleSoft Ambassadors: https://developer.mulesoft.com/dev/ambassadors
● MuleSoft Partner Calendar
MuleSoft Partnership
● Free online tutored Development Fundamentals available now!
● Visit Partnership Calendar https://www.mulesoft.com/integration-partner/program/calendar
● Other interesting calendars:
Introduction
JSON Web Token Demystified
JSON Web Token
“JSON web token (JWT), pronounced "jot", is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Again, JWT is a standard, meaning that all JWTs are tokens, but not all tokens are JWTs.” Auth0 Docs
https://tools.ietf.org/html/rfc7515
JWS Structure
● JOSE Header
○ Algorithm used to sign
● Payload
○ Claims – statements about caller/user. We have registered claims, public claims and private claims.
● Signature
○ Signed encoded header and payload parts
Payload part of JWS
Claim property | Claim name | Description | Example
iss | Issuer | Issuer of the JWT | Me
sub | Subject | Subject of the JWT (the user) | Bob
aud | Audience | Recipient for which the JWT is intended | https://api.ambassadorpatryk.com
nbf | Not Before | Time before which the JWT must not be accepted for processing. Unix timestamp. | 1516239022
iat | Issued At | Time at which the JWT was issued; can be used to determine age of the JWT. Unix timestamp. | 1516239022
id | Id | Unique identifier; can be used to prevent the JWT from being replayed (allows a token to be used only once) | b32737dc-adb0-4faf-8e38-7d0478f18a2e
exp | Expiration Time | Identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. Unix timestamp. | 1516239022
Signature
base64urlEncoded(Header) + "." + base64urlEncoded(Payload)
JWT Validation Policy
JWT Validation Policy
● Supports
○ RS256, RS384, RS512 (RSA)
○ HS256, HS384, HS512 (HMAC)
● Supports registered claims and custom claims
● JWT Key
○ Static private value
○ Dynamically retrieved from JWKS
● Read more -> https://docs.mulesoft.com/api-manager/2.x/policy-mule4-jwt-validation
RSA256 with extra validation
• Registered claims
• Private claims (mandatory, not mandatory)
DEMO
Setup JWT validation policy
[DEMO] JWT Validation Policy
Configuration
● Authorization header
● RSA 256 signing algorithm
● Public key static in policy
[DEMO] JWT Validation Policy
Configuration
● Do not validate client id
● Validate audience (aud)
○ Expected values one of
■ pl-lb.anypointdns.com
■ Api.patrykbandurski.com
■ test.patrykbandurski.com
● Expiration (exp) is mandatory
● Apply to all methods and resources
[DEMO] JWT Validation Policy
Generate JWS and place it in authorization header
400 Bad Request – no authorization header
401 Unauthorized – wrong token
[DEMO] JWT Validation Policy
[jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG
event:d87e0230-064c-11eb-a171-066db5e9ec56 Token was parsed successfully.
[jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG
event:d87e0230-064c-11eb-a171-066db5e9ec56 Ready to validate the signature of the token.
[jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG
event:d87e0230-064c-11eb-a171-066db5e9ec56 Token signature successfully validated.
[jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG
event:d87e0230-064c-11eb-a171-066db5e9ec56 Validating aud claim.
[jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG
event:d87e0230-064c-11eb-a171-066db5e9ec56 The server did not identify with the any of the
audiences '[aapi.patrykbandurski.com].'
Log output with DEBUG logging turned on for com.mulesoft.extension.policies.jwt
[DEMO] JWT Validation Policy
● jwt.io
● Generate token
● Aud, iat, exp
● Public & private key
● Remember! Do not use online tools to generate
[DEMO] JWT Validation Policy
● Required and optional private claims
● Static comparison
● Complex expression with DataWeave
Required claim email is not present in the JWT. Token will be rejected.
[DEMO] JWT Validation Policy
● Non-mandatory claims.
○ Validated when the claim name is present
○ Can be complex – DataWeave – example: roles is an Array having at least one item. Available values are USER, ADMIN or CONTRIBUTOR
○ Refer to claim via vars.claimSet.[claim-name]
In case of a failed condition, this will be saved in the log file: "Condition ... not met"
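The checks configured in the demo slides (Authorization header, aud one of the expected values, mandatory exp, required email, optional roles) written out as an added example; this is not MuleSoft's policy code and not part of the original slides. It swaps the demo's RS256 static public key for HS256, which the policy also supports, so that it runs on the Python standard library alone; the Bearer scheme, the secret, the reason strings and the 401 status for failed claim checks are assumptions.

```python
import base64, hashlib, hmac, json, time

# Audience and role values come from the demo slides; the key is constructed.
EXPECTED_AUDIENCES = {"pl-lb.anypointdns.com", "Api.patrykbandurski.com",
                      "test.patrykbandurski.com"}
ALLOWED_ROLES = {"USER", "ADMIN", "CONTRIBUTOR"}
DEMO_SECRET = b"constructed-demo-secret-not-for-production"

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, secret: bytes = DEMO_SECRET, alg: str = "HS256") -> str:
    """Compact JWS: b64url(header) + "." + b64url(payload) + "." + b64url(signature)."""
    parts = [b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
             for obj in ({"alg": alg, "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def validate(headers: dict, secret: bytes = DEMO_SECRET, now=None):
    """Return (status, reason) for a request, following the demo configuration."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization")
    if auth is None:
        return 400, "no authorization header"
    scheme, _, token = auth.partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:  # assumption: Bearer scheme
        return 401, "malformed token"
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:
        return 401, "token could not be parsed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return 401, "token could not be parsed"
    # The algorithm is fixed by configuration; the header only has to agree.
    if header.get("alg") != "HS256":
        return 401, "unexpected signing algorithm"
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return 401, "signature validation failed"
    # Registered claims: aud must be one of the expected values, exp is mandatory.
    aud = claims.get("aud")
    audiences = {a for a in (aud if isinstance(aud, list) else [aud])
                 if isinstance(a, str)}
    if not audiences & EXPECTED_AUDIENCES:
        return 401, "aud not accepted"
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return 401, "required claim exp is not present"
    if now >= exp:
        return 401, "token expired"
    # Private claims: email is required, roles is validated only when present.
    if "email" not in claims:
        return 401, "required claim email is not present"
    if "roles" in claims:
        roles = claims["roles"]
        if not (isinstance(roles, list) and roles
                and all(isinstance(r, str) and r in ALLOWED_ROLES for r in roles)):
            return 401, "condition on roles not met"
    return 200, "ok"
```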
JWKS (JSON Web Keys Set)
● The set of keys contains the public keys used to verify any JWT
● JWK (JSON Web Key) – JSON object representing a cryptographic key
● Easy rotation of the keys
● Key retrieved dynamically
JWK
{
  "kty": "RSA",
  "e": "AQAB",
  "alg": "RS256",
  "kid": "uniqueid",
  "n": "lgyuFifEOODgA4rZP2gQUunm_nM4G5a9aHoLkEosrMPuD4LClPbke9nn0LUJ4H-M_3rX9-yXhjzhjrduUDcImVMBATN7UsYOxYOZvqUjRf72y1eNjIWMnLBCWBuQZrhqN73ttCOJLg28llI-65XDfd6qeOlSlGWQD1YSGjX8cHDXoADXOpKrwPZy1ghkJMMtsvFxQNJd8hVvmzPlq-jefOXFOcsBjCB-QQkA3Lty0dScKPKfFQVooZxVhqU_r2wrSvviAdl8pN5yKmhcmT9S9Ke-mfpJXOnYB9y3Z9xRb0RFQBhrDBLNEc1TDCeRX2RZ-A9pUJ0IbG-b-rFlQYjNOw"
}
Working with JWKS
● Provide url to JWKS – publicly available
● 503 Service Unavailable – JWKS is not accessible
● 401 Unauthorized – signing error
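How a validator can use a JWKS to pick the key by kid and verify an RS256 signature, returning the 503 and 401 outcomes listed above; this is an added example, not the policy's implementation or code from the slides. The key pair is generated at run time as constructed sample data, fetch_jwks is a hypothetical stand-in for the HTTP call, the reason strings are assumptions, and claim checks are left out.

```python
import base64, hashlib, hmac, json, secrets

# DER DigestInfo prefix for SHA-256 used by RSASSA-PKCS1-v1_5 (RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_uint(value: int) -> str:
    return b64url_encode(value.to_bytes((value.bit_length() + 7) // 8, "big"))

def emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    """Padded SHA-256 digest that a valid RS256 signature must decrypt to."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin with random bases
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_demo_key(bits: int = 2048):
    """Constructed throwaway key pair (n, e, d) so the example runs offline."""
    def prime():
        while True:  # top two bits set so p*q has exactly `bits` bits; forced odd
            c = secrets.randbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
            if _is_probable_prime(c):
                return c
    while True:
        p, q, e = prime(), prime(), 65537
        if p != q and (p - 1) * (q - 1) % e:
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def to_jwks(kid: str, n: int, e: int) -> str:
    """JWKS document with the same members as the JWK shown on the slide."""
    return json.dumps({"keys": [{"kty": "RSA", "e": b64url_uint(e), "alg": "RS256",
                                 "kid": kid, "n": b64url_uint(n)}]})

def sign_rs256(claims: dict, kid: str, n: int, d: int) -> str:
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(b64url_encode(json.dumps(part).encode())
                             for part in (header, claims))
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(signing_input.encode("ascii"), k), "big")
    return signing_input + "." + b64url_encode(pow(m, d, n).to_bytes(k, "big"))

def validate_with_jwks(token: str, fetch_jwks):
    """Return (status, detail); fetch_jwks() returns the JWKS text or raises."""
    try:
        keys = json.loads(fetch_jwks())["keys"]
        if not isinstance(keys, list):
            raise ValueError("keys is not a list")
    except (OSError, ValueError, KeyError, TypeError):
        return 503, "JWKS is not accessible"
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        claims = json.loads(b64url_decode(p64))
        signature = b64url_decode(s64)
        kid = header["kid"]
    except (ValueError, KeyError, TypeError):
        return 401, "malformed token"
    jwk = next((k for k in keys if isinstance(k, dict) and k.get("kid") == kid), None)
    # The algorithm is taken from the trusted key, never from the token alone.
    if jwk is None or jwk.get("alg") != "RS256" or header.get("alg") != "RS256":
        return 401, "no usable key for this token"
    try:
        n, e = (int.from_bytes(b64url_decode(jwk[m]), "big") for m in ("n", "e"))
    except (ValueError, KeyError, TypeError):
        return 503, "JWKS is not accessible"
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if n.bit_length() < 2048 or len(signature) != k or s >= n:
        return 401, "signing error"
    recovered = pow(s, e, n).to_bytes(k, "big")
    if not hmac.compare_digest(recovered, emsa_pkcs1_v15(f"{h64}.{p64}".encode("ascii"), k)):
        return 401, "signing error"
    return 200, claims
```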
RSA256 using JSON Web Keys Set
DEMO
Setup JWT validation policy
[DEMO] JWT Validation Policy - JWKS
● JWKS service
● Standard which allows the customer to rotate public keys
[DEMO] JWT Validation Policy - JWKS
● URL to JWKS
[DEMO] JWT Validation Policy - JWKS
JSON Web Keys Set:
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "alg": "RS256",
      "kid": "uniqueid",
      "n": "…"
    }
  ]
}
Consume 3rd party service with
JWT Validation Policy
Generating JWS in Mule
● No native support in MuleSoft
● Salesforce OAuth JWT authentication mechanism
● Custom code:
○ JAVA
■ JJWT library https://github.com/jwtk/jjwt
○ Ruby
■ ruby-jwt library https://github.com/jwt/ruby-jwt
● Mule Custom Component:
○ JWT Component Extension https://github.com/dyeeye/jwt-component
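JJWT sample code
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

// Assumed to be in scope: claims (io.jsonwebtoken.Claims),
// privKey (java.security.PrivateKey), algorithm (String, e.g. "RS256").
JwtBuilder builder = Jwts.builder()       // start building the token
    .setIssuer(claims.getIssuer())        // copy the registered claims
    .setSubject(claims.getSubject())
    .setAudience(claims.getAudience())
    .setNotBefore(claims.getNotBefore())
    .setIssuedAt(claims.getIssuedAt())
    .setExpiration(claims.getExpiration()) // exp is mandatory in the demo policy
    .setId(claims.getId());
String jws = builder
    .signWith(privKey, SignatureAlgorithm.valueOf(algorithm)) // sign with the private key
    .compact();                           // serialize to the compact JWS form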
JWT Component
● Supports signing algorithms
○ RSA 256, 384 and 512
○ HMAC 256, 384 and 512
● Claims
○ Registered
○ Private
● Visual support in Anypoint Studio
● Reads keystore from classpath
Service secured with JWT Validation Policy RSA
DEMO
Consume service
[DEMO] Generating JWT
[DEMO] Generating JWT
● Removed expected expiration claim
● 401 in return
Questions?
Quiz
Trivia Quiz
● Quiz parts:
○ Three warm-up questions (you won’t get points for them)
○ Five questions (for points)
● Remember!
○ The quicker you respond, the more points you earn
○ Only good answers count
Three winners of today’s quiz receive:
Free voucher for MuleSoft online training and exam
Lottery
● How does it work?
○ I call an API that randomly selects three winners among the checked-in attendees.
○ I will ask the winners by Name & Surname for their email
● Remember!
○ Prize is sponsored by
Three winners of today’s lottery receive:
Amazon Voucher for 50$
Congratulations
● Congratulations to all the winners
○ of the Quiz
○ of the lottery
● Remember to send your email address to the organizer via chat window!
Wrap up
Share your knowledge
● Become a speaker and share your knowledge with our community
● Submit your idea via this form: https://tinyurl.com/become-speaker
or via email patryk.bandurski@gmail.com
● Share:
○ Tweet using the hashtag #MuleSoftMeetups
○ Invite your network to join: https://meetups.mulesoft.com/warsaw/
● Feedback:
○ Fill out the survey feedback and suggest topics for upcoming events
○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program
What’s next?
See you next time

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Último (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

JWT Meetup Recap

  • 1. 06/10/2020 Warsaw MuleSoft Meetup Group JSON Web Token demystified
  • 2. Agenda ● Introductions & Community Updates ● Introduction to JWT ● JSON Validation Policy ● Consuming service with JWT validation policy ● Quiz & Lottery ● What’s next & Close
  • 5. Organizer / Speaker ● Subject Matter Expert at PwC Poland ● MuleSoft Ambassador ● MuleSoft Meetup Leader for Warsaw, Poland ● Working with MuleSoft products for over 8 years now ● One of Salesforce Trailblazers https://trailhead.salesforce.com/trailblazers/patryk-bandurski ● Check out my integration blog https://ambassadorpatryk.com/blog
  • 6. Share the event ● Share the Meetup in your social media ● Use Hashtags #MuleSoftMeetup #WarsawMuleSoftMeetup ● Thanks
  • 8. MuleSoft CONNECT:Now ● MuleSoft CONNECT:Now is a virtual experience bringing you a full program of technical sessions and content, streamed online for free! ● Register for free: https://connect.mulesoft.com
  • 9. Developer Meetups at CONNECT:Now events ● Meet the MuleSoft Community! ● Hear technical use cases from customer and partner MuleSoft experts around the globe ● Live chat with MuleSoft Ambassadors! ● JOIN ONLINE FOR FREE: EMEA: October 8, 2020; AMER: October 13, 2020; APAC: October 20, 2020 ● Register: https://connect.mulesoft.com/
  • 10. Check out the technical presentations below: Developer Meetup at CONNECT:Now EMEA ● Twitter ○ Felipe Ocadiz, MuleSoft Ambassador, IT Integration Engineer ○ How to become an Anypoint Studio ninja ● Saint-Gobain ○ Francis Edwards, MuleSoft Ambassador, Integration Analyst ○ Useful integration tools JOIN FOR FREE: October 8, 2020 (10:30am-11:15am BST) Register: https://connect.mulesoft.com/events/connect/emea
  • 11. Check out the technical presentations below: Developer Meetup at CONNECT:Now Americas ● AT&T ○ Brad Ringer, Principal System Engineer ○ MuleSoft Runtime Fabric: The road to success ● MuleSoft Ambassadress ○ Alexandra Martinez, Sr. MuleSoft Developer, Bits in Glass ○ Reviewing a complex DataWeave transformation JOIN FOR FREE: October 13, 2020 (10:30am-11:15am PDT) Register: https://connect.mulesoft.com/events/connect/amer
  • 12. Check out the technical presentations below: Developer Meetup at CONNECT:Now JAPAC ● Datacom ○ Mary Joy Sabal, Sr. Integration Developer ○ Using Maven Archetypes to create MuleSoft API Project Templates ● MuleSoft Ambassador ○ Sravan Lingam, Consultant, Virtusa ○ Create a virtual Tic-Tac-Toe game using Object Store v2 JOIN FOR FREE: October 20, 2020 (2:30pm-3:15pm AEDT) Register: https://connect.mulesoft.com/events/connect/japac
  • 13. Follow Mariana Lemus on LinkedIn
  • 14. MuleSoft Ambassadors ● People to learn from ● Active in the MuleSoft Community ● Worth following ● 20 MuleSoft Ambassadors: https://developer.mulesoft.com/dev/ambassadors
  • 15. MuleSoft Partnership ● MuleSoft Partner Calendar ● Free online tutored Development Fundamentals available now! ● Visit Partnership Calendar https://www.mulesoft.com/integration-partner/program/calendar ● Other interesting calendars:
  • 17. JSON Web Token „JSON web token (JWT), pronounced "jot", is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Again, JWT is a standard, meaning that all JWTs are tokens, but not all tokens are JWTs.” Auth0 Docs https://tools.ietf.org/html/rfc7515
  • 18. JWS Structure ● JOSE Header ○ Algorithm used to sign ● Payload ○ Claims – statements about caller/user. We have registered claims, public claims and private claims. ● Signature ○ Signed encoded header and payload parts
  • 19. Payload part of JWS
      | Claim property | Claim name | Description | Example |
      | iss | Issuer | Issuer of the JWT | Me |
      | sub | Subject | Subject of the JWT (the user) | Bob |
      | aud | Audience | Recipient for which the JWT is intended | https://api.ambassadorpatryk.com |
      | nbf | Not Before | Time before which the JWT must not be accepted for processing. Unix timestamp. | 1516239022 |
      | iat | Issued At | Time at which the JWT was issued; can be used to determine age of the JWT. Unix timestamp. | 1516239022 |
      | id | Id | Unique identifier; can be used to prevent the JWT from being replayed (allows a token to be used only once) | b32737dc-adb0-4faf-8e38-7d0478f18a2e |
      | exp | Expiration Time | Identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. Unix timestamp. | 1516239022 |
  • 20. Signature: base64urlEncoded(Header) + "." + base64urlEncoded(Payload)
  • 22. JWT Validation Policy ● Supports ○ RS256, RS384, RS512 (RSA) ○ HS256, HS384, HS512 (HMAC) ● Supports registered claims and custom claims ● JWT Key ○ Static private value ○ Dynamically retrieved from JWKS ● Read more -> https://docs.mulesoft.com/api-manager/2.x/policy-mule4-jwt-validation
  • 23. DEMO: Setup JWT validation policy. RSA256 with extra validation ● Registered claims ● Private claims (mandatory, not mandatory)
  • 24. [DEMO] JWT Validation Policy Configuration ● Authorization header ● RSA 256 signing algorithm ● Public key static in policy
  • 25. [DEMO] JWT Validation Policy Configuration ● Do not validate client id ● Validate audience (aud) ○ Expected values one of ■ pl-lb.anypointdns.com ■ Api.patrykbandurski.com ■ test.patrykbandurski.com ● Expiration (exp) is mandatory ● Apply to all methods and resources
  • 26. [DEMO] JWT Validation Policy ● Generate JWS and place it in authorization header ● 400 Bad Request – no authorization header ● 401 Unauthorized – wrong token
  • 27. [DEMO] JWT Validation Policy ● DEBUG com.mulesoft.extension.policies.jwt on logging
      [jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG event:d87e0230-064c-11eb-a171-066db5e9ec56 Token was parsed successfully.
      [jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG event:d87e0230-064c-11eb-a171-066db5e9ec56 Ready to validate the signature of the token.
      [jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG event:d87e0230-064c-11eb-a171-066db5e9ec56 Token signature successfully validated.
      [jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG event:d87e0230-064c-11eb-a171-066db5e9ec56 Validating aud claim.
      [jwt-validation-1111044-sfdc-jwt-xapi-main].1111044-client-id-enforcementDEBUG event:d87e0230-064c-11eb-a171-066db5e9ec56 The server did not identify with the any of the audiences '[aapi.patrykbandurski.com].'
  • 28. [DEMO] JWT Validation Policy ● jwt.io ● Generate token ● Aud, iat, exp ● Public & private key ● Remember! Do not use online tools to generate
  • 29. [DEMO] JWT Validation Policy ● Required and optional private claims ● Static comparison ● Complex expression with DataWeave ● Log message: "Required claim email is not present in the JWT. Token will be rejected."
  • 30. [DEMO] JWT Validation Policy ● Non mandatory claims ○ Validate when claim name present ○ Can be complex – DataWeave – example: roles is an Array having at least one item. Available values are USER, ADMIN or CONTRIBUTOR ○ Refer to claim via vars.claimSet.[claim-name] ● In case of failed condition, this will be saved in the log file: "Condition ... not met"
  • 31. JWKS (JSON Web Keys Set) ● Set of keys contains the public keys used to verify any JWT ● JWK (JSON Web Key) – JSON object representing a cryptographic key ● Rotation of the keys at ease ● Key retrieved dynamically
  • 32. JWK
      {
        "kty": "RSA",
        "e": "AQAB",
        "alg": "RS256",
        "kid": "uniqueid",
        "n": "lgyuFifEOODgA4rZP2gQUunm_nM4G5a9aHoLkEosrMPuD4LClPbke9nn0LUJ4H-M_3rX9-yXhjzhjrduUDcImVMBATN7UsYOxYOZvqUjRf72y1eNjIWMnLBCWBuQZrhqN73ttCOJLg28llI-65XDfd6qeOlSlGWQD1YSGjX8cHDXoADXOpKrwPZy1ghkJMMtsvFxQNJd8hVvmzPlq-jefOXFOcsBjCB-QQkA3Lty0dScKPKfFQVooZxVhqU_r2wrSvviAdl8pN5yKmhcmT9S9Ke-mfpJXOnYB9y3Z9xRb0RFQBhrDBLNEc1TDCeRX2RZ-A9pUJ0IbG-b-rFlQYjNOw"
      }
  • 33. Working with JWKS ● Provide URL to JWKS – publicly available ● 503 Service Unavailable – JWKS is not accessible ● 401 Unauthorized – signing error
  • 34. DEMO: Setup JWT validation policy. RSA256 using JSON Web Keys Set
  • 35. [DEMO] JWT Validation Policy - JWKS ● JWKS service ● Standard which allows customer to rotate public keys
  • 36. [DEMO] JWT Validation Policy - JWKS ● URL to JWKS
  • 37. [DEMO] JWT Validation Policy - JWKS ● JSON Web Keys Set:
      {
        "keys": [
          {
            "kty": "RSA",
            "e": "AQAB",
            "alg": "RS256",
            "kid": "uniqueid",
            "n": "…"
          }
        ]
      }
  • 38. Consume 3rd party service with JWT Validation Policy
  • 39. Generating JWS in Mule ● No native support in MuleSoft ● Salesforce OAuth JWT authentication mechanism ● Custom code: ○ Java ■ JJWT library https://github.com/jwtk/jjwt ○ Ruby ■ ruby-jwt library https://github.com/jwt/ruby-jwt ● Mule Custom Component: ○ JWT Component Extension https://github.com/dyeeye/jwt-component
  • 40. JJWT sample code
      JwtBuilder builder = Jwts.builder()       // (1) create the builder
              .setIssuer(claims.getIssuer())    // (2) set the registered claims
              .setSubject(claims.getSubject())
              .setAudience(claims.getAudience())
              .setNotBefore(claims.getNotBefore())
              .setIssuedAt(claims.getIssuedAt())
              .setId(claims.getId());
      String jws = builder
              .signWith(privKey, SignatureAlgorithm.valueOf(algorithm)) // (3) sign with the private key
              .compact();                       // (4) serialize to the compact JWS form
  • 41. JWT Component ● Supports signing algorithms ○ RSA 256, 384 and 512 ○ HMAC 256, 384 and 512 ● Claims ○ Registered ○ Private ● Visual support in Anypoint Studio ● Reads keystore from classpath
  • 42. DEMO: Consume service. Service secured with JWT Validation Policy RSA
  • 44. [DEMO] Generating JWT ● Removed expected expiration claim ● 401 in return
  • 46. Quiz
  • 47. Trivia Quiz ● Quiz parts: ○ Three warm-up questions (you won’t get points for them) ○ Five questions (for points) ● Remember! ○ The quicker you respond, the more points you earn ○ Only good answers count ● Three winners of today’s quiz receive: Free voucher for MuleSoft online training and exam
  • 48. Lottery ● How it works? ○ I call API that selects randomly three winners among checked-in attendees. ○ I will ask winners by Name & Surname for the email ● Remember! ○ Prize is sponsored by ● Three winners of today’s lottery receive: Amazon Voucher for 50$
  • 49. Congratulations ● Congratulations to all the winners ○ of the Quiz ○ of the lottery ● Remember to send your email address to the organizer via chat window!
  • 51. Share your knowledge ● Become a speaker and share your knowledge with our community ● Submit your idea via this form: https://tinyurl.com/become-speaker or via email patryk.bandurski@gmail.com
  • 52. What’s next? ● Share: ○ Tweet using the hashtag #MuleSoftMeetups ○ Invite your network to join: https://meetups.mulesoft.com/warsaw/ ● Feedback: ○ Fill out the survey feedback and suggest topics for upcoming events ○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program
  • 53. See you next time
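
The checks configured in the demo slides (signature, accepted `aud` values, mandatory `exp`, and the 400/401 responses) can be reproduced in a few lines. This is an added example, not MuleSoft's policy code or code from the talk: it uses HS256, one of the HMAC algorithms the policy slide lists, so that it runs on the Python standard library alone. The key, the function names, the reason strings and the `Bearer` scheme are assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values: the key is made up; the audiences are the ones
# listed on the policy configuration slide.
KEY = b"constructed-demo-secret"
AUDIENCES = ["pl-lb.anypointdns.com", "Api.patrykbandurski.com",
             "test.patrykbandurski.com"]

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact JWS; used here only to construct test tokens."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def validate(authorization, key, audiences, now=None):
    """Return (http_status, reason) using the status codes from the demo slide."""
    now = time.time() if now is None else now
    if not authorization:
        return 400, "no authorization header"
    scheme, _, token = authorization.partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return 401, "malformed token"
    try:
        header = json.loads(unb64url(parts[0]))
        claims = json.loads(unb64url(parts[1]))
        signature = unb64url(parts[2])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return 401, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return 401, "malformed token"
    # Pin the algorithm to the configured one; never take it from the token.
    if header.get("alg") != "HS256":
        return 401, "unexpected algorithm"
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return 401, "bad signature"
    # aud may be a single string or a list; one value must match.
    aud = claims.get("aud")
    if not any(a in audiences for a in (aud if isinstance(aud, list) else [aud])):
        return 401, "audience not accepted"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        return 401, "exp claim is mandatory"
    if now >= exp:
        return 401, "token expired"
    return 200, "ok"
```

The order matters: claims are read only after the signature has been verified, and the audience value from the debug log on slide 27 (`aapi.patrykbandurski.com`) is rejected because it is not in the configured list.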