Are you following the best practices for user authentication as of DateTime.Now? Best practices like getting JWTs using the PKCE flow? Are you protecting against token replay attacks by using DPoP? Is your JWT stored on the client or accessed through a BFF? So many questions., and so many acronyms making it hard to keep up with the latest-and-greatest practices for user authentication.

In this session we'll discuss the platform-agnostic answers to the above questions. Plus we'll review what patterns and concepts we should be following in any modern day systems we develop. By the end of the session you'll be able to answer the oh-so-very-important question, "How SHOULD user authentication be implemented today?"