Web applications have moved on from a traditional web protection and authorization model. Modern web applications present a few challenges for authentication that are difficult to solve using conventional methods. They are often deployed in an AJAX / Single Page Application (SPA) model and leverage a complex combination of microservice APIs and standard web URL calls. The integration of traditional web sessions with OAuth tokens introduces a number of functional disconnects with respect to centralized session management, OAuth JWT token management, error handling, logout handling, and cross-origin resource sharing (CORS). This session will delve into the functional models and demonstrate some of the common failures that can arise. With examples using PingFederate and PingAccess, KPMG will provide some leading practices for the creation and integration of modern web application components into a secure infrastructure.