Nahid Farrokhi
.NET Developer @Microsoft
Toronto, Canada
Nahid (N-au-H-ee-D) here. I am a software engineer by training, and I have enjoyed working in this field for the last fifteen years or so. My passion is distributed architecture, web security and all the crazy chaos in the software world.
When away from my desk, I enjoy painting, travelling, hiking and mountain climbing.
Topics
Common mistakes and misconceptions in Web Application Security using OAuth 2.0 and OpenId Connect
Authorization and authentication are two of the main problems in modern web application security. They were both solved by OAuth 2.0 and OpenID Connect (OIDC). But this is not the end of the story. Like most things, the devil is in the details.
OAuth 2.0 is an open standard for authorization. OpenID Connect extends OAuth 2.0 for authentication scenarios. Anyone can implement them. Because they are fundamentally complex and there is a wide variety of implementations, developers can easily make mistakes. I want to discuss some details in the specs which may lead to misconceptions, and also go over common mistakes. To demo the implementation I use IdentityServer4, which is one of the most popular open source frameworks for OpenID Connect and OAuth 2.0 on ASP.NET Core.
API team characteristics and best practices
After years of designing and developing APIs, I have realized the value of API teams as a key component in building and managing APIs.
What do API teams do? In the "API-as-a-Product" (AaaP) approach, API teams maintain close communication with the product's customers and the developers using their product while they create an API program.
This enables API teams to design the API based on customer needs. The API program will eventually become a strong product that will survive longer in a world of ever-changing innovation and fierce competition.
Considering the structural differences between organizations, I will focus on the main characteristics and best practices based on the scope of responsibilities for each role.
I will also demonstrate examples of the output artifacts created by each member of the API team in the API program.