OAuth2 Token Exchange for Microservice API Security - Ahmet Soormally & Letz Yaara, Tyk


CNCF [Cloud Native Computing Foundation]

Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 - 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at kubecon.io
APIs need a way to authenticate, authorize and propagate identity between services. Load Balancers, API Gateways, ingress and chained microservice calls make propagating identity and authorization in a secure manner significantly more complex. In this session, we will dive into typical OAuth2.0 flows with practical examples using Keycloak. We will then illustrate some of the challenges you will face applying OAuth2 in a microservice environment, alongside the typical workarounds or hacks that are seen in the wild. We will discuss advantages and drawbacks of each approach, and most importantly highlight potential vulnerabilities. Finally, we will present a relatively new standard known as the OAuth2 Token Exchange RFC8693 as a recommended approach to authorization and propagating identity using Keycloak to demonstrate.

Key Points:
- OAuth 2.0 Essentials
- Live Demo: with shortcomings applying OAuth2 in a microservice environment
- Token Exchange RFC8693 Importance
