The learning curve for REST API security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, and almost seem designed to deliberately confuse. With an aggressive distaste for fancy terminology, this session delves into OAuth 2.0 with and without JWT for user identity; AWS-style security for B2B with API keys; and OAuth 2.0 Proof of Possession, which merges both into two-factor bliss. Using a baseline microservice architecture, the presentation compares them, with a heavy focus on the wire, showing actual HTTP messages and analyzing their impact on load and security. Starting with basic authentication and a brief intro to hashing and signing, this is the perfect session to align the whole team.
15. @radcortez @ivanjunckes @tomitribe https://www.tomitribe.com/codeone/dev6001/
How to solve it
● Generation is the realistic solution
● Tool with Client, CLI and Documentation
● The client will help you call the services from different apps
● The command-line interface (CLI) will help you access the services without writing code
● Your services will have up-to-date docs