Are you following "Best Practices" for authenticating users? Like getting JWTs using the PKCE flow? And are you protecting against token replay attacks using DPoP? Is your JWT stored on the client or accessed through a secure BFF? So many questions, and so many acronyms, make it hard to keep up with the latest-and-greatest practices for user authentication.

In this session we'll discuss what constitutes today's "Best Practices" for securely authenticating users. Plus we'll review what patterns and concepts we should follow in any modern day systems we develop. By the end of the session you'll be able to answer the oh-so-very-important question, "How SHOULD user authentication be implemented today?"