Have you ever searched for "how to authenticate an API call" and been confused by the dizzying array of techniques, terminology, jargon, and acronyms that come back?

This session is designed for anyone that's struggling to make sense of modern authentication options. You'll learn the differences between OAuth, API Keys, HMAC, JSON Web Tokens (JWT), SAML, OpenID Connect, and passkeys using Webauthn. Each technique will be explained in a clear, practical, easy-to-understand way.

This session focuses on core concepts, not code, and is accessible to anyone that works with technology.

I've been a "security minded" developer for many years and remember being very frustrated and confused when I couldn't find a clear, easy-to-follow guide to picking an authentication strategy for my apps.

Since then I've done a bunch of research and worked with a bunch of different security techniques, so I designed this as the clear, easy-to-follow guide that I so desperately wanted back then. I think it will help a lot of developers (and non-devs) understand how things work at a fundamental level.