n today's cloud and SaaS landscape, implementing secure authentication for web applications and APIs is paramount. This session presents a modern approach leveraging Azure Active Directory (Azure AD) and the Proof Key for Code Exchange (PKCE) extension to the OAuth 2.0 standard.
Attendees will learn about a "zero trust" authentication flow that explicitly verifies user identity per session, adhering to principles like least privilege access for enhanced security. The session will cover implementing the authorization code flow with PKCE for secure token acquisition, optimized with token caching and refreshing mechanisms.

By the end, attendees will gain insights into building a seamless, secure authentication experience for their web applications, leveraging Azure's modern cloud identity platform and promoting trust in the digital landscape.