Implementing Modern Identity and Sign In with Apple

Ado Kukic

Developer Evangelist

Auth0

@kukicado

Identity Management Used to be Easy*

* Not really

Legacy session-based login (diagram):

browser -> server: { username / password }
server -> browser: { sid 123 }  (session cookie)
browser -> server: { sid 123 }
server -> browser: { html }

Modern Auth is Complex

Grant Types

Scopes

Auth Flows


OAuth 2.0

An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them their passwords.

OpenID Connect

An authentication layer built on top of OAuth 2.0, allowing clients to verify the identity of an end-user based on the authentication performed by an authorization server.

OAuth 2.0 Roles

Resource Owner

The entity that can grant access to a protected resource. Typically this is the end-user.

Resource Server

The server hosting the protected resources. This is the API you want to access.

Client

The app requesting access to a protected resource on behalf of the Resource Owner.

Authorization Server

The server that authenticates the Resource Owner, obtains their consent, and issues tokens to the Client.

Traditional Web Application

Authorization Code Flow

Baseline: browser requests a page, app returns { html }

Authentication (diagram):
  1. App redirects the browser to the Authorization Server's /authorize endpoint.
  2. User authenticates; the Authorization Server redirects back to /callback?code={123}.
  3. App backend exchanges the code (with its client secret) at the token endpoint for { tokens }.
  4. App creates a server-side session { sid 123 } for the browser.

Authenticated: browser sends { sid 123 }, app returns { html }

Public Clients

Android, iOS, SPA, Desktop

Authorization Code with PKCE Grant Flow

Baseline: app calls the API and receives { json }

Authentication (diagram):
  1. App generates a code_verifier and derives { code_challenge } from it, sent with the /authorize request.
  2. User authenticates; the Authorization Server returns code={123}.
  3. App sends { code={123} code_verifier } to the token endpoint; the server hashes the verifier and compares it with the stored challenge before issuing tokens.

Authenticated: app calls the API with the access token and receives { json }; the tokens live in the app rather than in a server session.
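The two flows above, the confidential-client Authorization Code Flow for a traditional web application and the Authorization Code with PKCE flow for public clients, as one added worked example (not code from the talk or from Auth0). The AuthorizationServer class is a hypothetical in-memory stand-in for a real authorization server; client IDs, the client secret, redirect URIs and the endpoint names are assumptions made for the example. It shows what each side checks: registered redirect_uri, single-use code, client_secret for the web app, and the S256 verifier-to-challenge comparison for the SPA, plus why an intercepted code is useless without the verifier.

```python
"""Added example, not code from the talk: both authorization-code variants the
slides walk through, modelled end to end in one process.
  - Confidential client (traditional web app): the backend redeems the code
    with its client_secret.
  - Public client (SPA, mobile, desktop): nothing can hold a secret, so the
    client proves possession of the code with PKCE (RFC 7636, S256).
AuthorizationServer is a hypothetical in-memory stand-in for a real one; the
client ids, secret, URLs and endpoint names are assumptions."""
import base64
import hashlib
import secrets
from typing import Optional, Tuple
from urllib.parse import urlencode

AS_URL = "https://auth.example"                   # assumed authorization server
WEB_REDIRECT = "https://app.example/callback"     # assumed redirect URIs
SPA_REDIRECT = "https://spa.example/callback"
WEB_SECRET = "s3cr3t-kept-only-on-the-backend"    # constructed client_secret


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> Tuple[str, str]:
    """code_verifier: 43-128 high-entropy chars; code_challenge = BASE64URL(SHA256(verifier))."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(client_id: str, redirect_uri: str, state: str,
                        code_challenge: Optional[str] = None) -> str:
    """Front-channel request; state is the client's CSRF binding for /callback."""
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "scope": "openid profile", "state": state}
    if code_challenge:
        params.update(code_challenge=code_challenge, code_challenge_method="S256")
    return f"{AS_URL}/authorize?{urlencode(params)}"


class AuthorizationServer:
    """Hypothetical minimal AS: issues single-use codes and redeems them."""

    def __init__(self, clients: dict):
        self.clients = clients    # client_id -> {"secret": str|None, "redirect_uris": [...]}
        self.codes = {}           # code -> what it was bound to at /authorize

    def authorize(self, client_id: str, redirect_uri: str,
                  code_challenge: Optional[str] = None) -> str:
        client = self.clients[client_id]
        if redirect_uri not in client["redirect_uris"]:
            raise ValueError("unregistered redirect_uri")      # stops codes leaking elsewhere
        if client["secret"] is None and code_challenge is None:
            raise ValueError("public clients must send a code_challenge")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "challenge": code_challenge}
        return code

    def token(self, client_id: str, code: str, redirect_uri: str,
              client_secret: Optional[str] = None, code_verifier: Optional[str] = None) -> dict:
        record = self.codes.pop(code, None)    # pop: a code is redeemable exactly once
        if (record is None or record["client_id"] != client_id
                or record["redirect_uri"] != redirect_uri):
            raise PermissionError("invalid_grant")
        client = self.clients[client_id]
        if client["secret"] is not None and not secrets.compare_digest(
                client_secret or "", client["secret"]):
            raise PermissionError("invalid_client")
        if record["challenge"] is not None:
            got = b64url(hashlib.sha256((code_verifier or "").encode("ascii")).digest())
            if not secrets.compare_digest(got, record["challenge"]):
                raise PermissionError("invalid_grant")   # interception without the verifier dies here
        return {"access_token": secrets.token_urlsafe(32), "refresh_token": secrets.token_urlsafe(32),
                "token_type": "Bearer", "expires_in": 3600}


def demo_server() -> AuthorizationServer:
    return AuthorizationServer({"webapp": {"secret": WEB_SECRET, "redirect_uris": [WEB_REDIRECT]},
                                "spa": {"secret": None, "redirect_uris": [SPA_REDIRECT]}})


def run_confidential_flow(auth: AuthorizationServer) -> dict:
    """Traditional web app: backend checks state, then trades code + client_secret for tokens."""
    state = secrets.token_urlsafe(16)
    build_authorize_url("webapp", WEB_REDIRECT, state)    # browser is sent here
    code = auth.authorize("webapp", WEB_REDIRECT)          # user logs in; AS redirects to /callback
    returned_state = state                                 # constructed: read from the callback query
    if not secrets.compare_digest(returned_state, state):
        raise PermissionError("state mismatch")
    return auth.token("webapp", code, WEB_REDIRECT, client_secret=WEB_SECRET)


def run_public_flow(auth: AuthorizationServer) -> dict:
    """SPA/mobile: no secret, so the verifier kept on the device is the proof of possession."""
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    build_authorize_url("spa", SPA_REDIRECT, state, code_challenge=challenge)
    code = auth.authorize("spa", SPA_REDIRECT, code_challenge=challenge)
    return auth.token("spa", code, SPA_REDIRECT, code_verifier=verifier)


def intercepted_code_is_useless(auth: AuthorizationServer) -> bool:
    """The attack PKCE exists for: a code captured from the redirect, redeemed without the verifier."""
    _, challenge = make_pkce_pair()
    stolen_code = auth.authorize("spa", SPA_REDIRECT, code_challenge=challenge)
    try:
        auth.token("spa", stolen_code, SPA_REDIRECT, code_verifier=b64url(secrets.token_bytes(32)))
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(run_confidential_flow(demo_server())["token_type"])
    print(run_public_flow(demo_server())["token_type"])
    print("stolen code rejected:", intercepted_code_is_useless(demo_server()))
```

Two details worth carrying into a real deployment: the server binds the code to the client_id and redirect_uri it saw at /authorize and refuses any other combination at the token endpoint, and the state value lives only in the client (a server session or the SPA's storage), never in the authorization request alone, so a callback the client did not initiate cannot complete a login.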

Refresh Token

Summary

Modern authentication is complex.

OAuth 2.0 offers solutions / flows for most use cases.

Implementing OAuth 2.0 can provide a competitive advantage.

Resources

OAuth 2.0 Official Website

https://oauth.net/2/


OAuth 2.0 Complete Guide

http://bit.ly/oauth-complete


Implementing Sign In With Apple with Auth0

http://bit.ly/auth0-apple

Thank You!

Demo Time

DT-X Talk

By Ado Kukic
