Now that you have built your API, how do you let the right people have access to the right API at the right time? This talk covers the basics of API access management and then does a deep dive into modern authorization architectures.
29. What can go wrong?
•Compromise of client secret
8
Monday, November 4, 13
30. What can go wrong?
•Compromise of client secret
•Compromise of access tokens (server)
31. What can go wrong?
•Compromise of client secret
•Compromise of access tokens (server)
–Developer resets client secret
32. What can go wrong?
•Compromise of client secret
•Compromise of access tokens (server)
–Developer resets client secret
–All access tokens are invalidated
33. What can go wrong?
•Compromise of client secret
•Compromise of access tokens (server)
–Developer resets client secret
–All access tokens are invalidated
–Refresh tokens still work, but require new secret
34. What can go wrong?
•Compromise of client secret
•Compromise of access tokens (server)
–Developer resets client secret
–All access tokens are invalidated
–Refresh tokens still work, but require new secret
•Compromise of access token (client)
35. What can go wrong?
•Compromise of client secret
•Compromise of access tokens (server)
–Developer resets client secret
–All access tokens are invalidated
–Refresh tokens still work, but require new secret
•Compromise of access token (client)
–User revokes authorization
36. What can go wrong?
•Compromise of client secret
•Compromise of access tokens (server)
–Developer resets client secret
–All access tokens are invalidated
–Refresh tokens still work, but require new secret
•Compromise of access token (client)
–User revokes authorization
•Resolution is self service
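
Added example, not from the original slides: a toy in-memory authorization server in Python that models the recovery behaviour listed above (a secret reset invalidates access tokens, refresh tokens survive but need the new secret, user revocation ends the grant). The class, its method names and the per-client epoch counter used for invalidation are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class AuthServer:
    """Toy in-memory authorization server; every name here is hypothetical."""
    def __init__(self):
        self.secret_hash = {}  # client_id -> SHA-256 of the current secret
        self.epoch = {}        # client_id -> counter bumped on each reset
        self.grants = {}       # refresh_token -> (client_id, user)
        self.access = {}       # access_token -> (client_id, user, epoch)

    def reset_secret(self, client_id):
        # Developer self-service: bumping the epoch kills older access tokens.
        secret = secrets.token_urlsafe(32)
        self.secret_hash[client_id] = hashlib.sha256(secret.encode()).digest()
        self.epoch[client_id] = self.epoch.get(client_id, 0) + 1
        return secret

    def _require_client(self, client_id, secret):
        given = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(self.secret_hash.get(client_id, b""), given):
            raise PermissionError("invalid_client")

    def _issue(self, client_id, user):
        token = secrets.token_urlsafe(32)
        self.access[token] = (client_id, user, self.epoch[client_id])
        return token

    def authorize(self, client_id, secret, user):
        self._require_client(client_id, secret)
        refresh_token = secrets.token_urlsafe(32)
        self.grants[refresh_token] = (client_id, user)
        return refresh_token, self._issue(client_id, user)

    def refresh(self, client_id, secret, refresh_token):
        # Refresh tokens survive a reset but only work with the current secret.
        self._require_client(client_id, secret)
        if self.grants.get(refresh_token, (None, None))[0] != client_id:
            raise PermissionError("invalid_grant")
        return self._issue(client_id, self.grants[refresh_token][1])

    def revoke(self, client_id, user):
        # User self-service: drop the grant and every token issued under it.
        self.grants = {t: g for t, g in self.grants.items() if g != (client_id, user)}
        self.access = {t: a for t, a in self.access.items() if a[:2] != (client_id, user)}

    def is_active(self, token):
        rec = self.access.get(token)
        return rec is not None and rec[2] == self.epoch[rec[0]]
```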