Hi, I'm Mehul Patel and I specialize in Information Technology and Services. I’m passionate about what I do. I am a Developer Tech by profession, an open source enthusiast, a Linux geek and a maker at heart. https://about.me/rowdymehul
Serverless authentication with JWT
- I am Mehul Patel
- Engineer at Zimbra
- Mozilla Reps Mentor
- Auth0 Ambassador
- Rust Mobilizer
- Co-founder of IDF
What & why
Focus on code, not servers
All you need is code!
Run code with an HTTP call.
No provisioning. No deployment.
Let's talk about JWT
Further, let's explain some concepts.
When should you use JSON Web Tokens?
1. Information Exchange
What is the JSON Web Token structure?
Below is an encoded JSON Web Token:
// Token structure
header.payload.signature
// A real world token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
How an application uses JWT to verify the authenticity of a user.
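The check a service runs on an HS256 token like the one above before trusting its claims, as an added Python example that is not part of the original slides. `DEMO_KEY` and the helper names are constructed for illustration; the slide token is only decoded, because its signing key is not given on the page.

```python
import base64, hashlib, hmac, json

# The sample token from the slide above, split across lines for readability.
SLIDE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ")
DEMO_KEY = b"constructed-demo-key-not-for-production"  # constructed sample value

def b64url_decode(part: str) -> bytes:
    # JWT strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_unverified(token: str):
    """Split header.payload.signature and parse the JSON parts (no trust implied)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT must have exactly three dot-separated parts")
    header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, payload, parts[2]

def sign_hs256(payload: dict, key: bytes) -> str:
    # Issuer side: HMAC-SHA256 over "base64url(header).base64url(payload)".
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
        for obj in (header, payload))
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the payload only if the token is HS256 and its signature matches."""
    header, payload, signature = decode_unverified(token)
    # Pin the algorithm on the server; the token's header must not choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    signing_input = token.rsplit(".", 1)[0].encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature)):
        raise ValueError("signature mismatch")
    return payload
```

Decoding alone proves nothing about who issued the token: the header and payload are readable by anyone, and only the signature check with a server-held key makes the claims trustworthy.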
Let's make it easy with ...
Let's take one example...
Another example ...
What is OAuth 2.0?
OAuth 2.0 is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them their passwords.
OAuth 2.0 roles
- Resource Owner: the entity that can grant access to a protected resource. Typically this is the end-user.
- Resource Server: the server hosting the protected resources. This is the API you want to access.
- Client: the app requesting access to a protected resource on behalf of the Resource Owner.
- Authorization Server: the server that authenticates the Resource Owner, and issues Access Tokens after getting proper authorization. In this case, Auth0.
ServerlessDays Milano 2018
By Mehul Patel