Implementing Modern Identity

and Sign In with Apple

Ado Kukic

Developer Evangelist

Auth0

@kukicado

Identity Management Used to be Easy*

* Not really

@kukicado

@kukicado

{ username / password }

{ sid 123 }

@kukicado

{ sid 123 }

{ html }

@kukicado

Modern Auth is Complex

Grant Types

Scopes

Auth Flows

@kukicado

OAuth 2.0

An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

An open standard for access delegation.

@kukicado

OpenID Connect

An authentication layer built on top of OAuth 2.0, allowing clients to verify the identity of an end-user based on the authentication performed by an authorization server.

@kukicado

An authentication layer built on top of OAuth 2.0

OAuth 2.0 Roles

Resource Owner

The entity that can grant access to a protected resource. Typically this is the end-user.

Resource Server

The server hosting the protected resources. This is the API you want to access.

Client

The app requesting access to a protected resource on behalf of the Resource Owner.

Authorization Server

The server that authenticates the Resource Owner, and issues tokens.

Traditional

Web Application

Authorization Code Flow

@kukicado

Baseline

{ html }

@kukicado

/callback?code={123}

{ tokens }

{ sid 123 }

Authentication

@kukicado

{ html }

Authenticated

@kukicado

Public Clients

Android, iOS, SPA, Desktop

Authorization Code with PKCE Grant Flow

@kukicado

Baseline

{ json }

@kukicado

Authentication

{ code_challenge }

code={123}

@kukicado

Authentication

{ code={123} code_verifier }

@kukicado

Authenticated

{ json }

{ json }

@kukicado

Refresh Token

@kukicado

 

Summary

 

@kukicado

Modern authentication is complex.

OAuth 2.0 offers solutions / flows for most use cases.

Implementing OAuth 2.0 can provide a competitive advantage.

 

Resources

 

@kukicado

OAuth 2.0 Official Website

https://oauth.net/2/

 

OAuth 2.0 Complete Guide

http://bit.ly/oauth-complete

 

Implementing Sign In With Apple with Auth0

http://bit.ly/auth0-apple

 

Thank You!

Demo Time

@kukicado

Made with Slides.com