Ben is a software engineer with a huge passion for developer communities, and has been running grassroots meetups and conferences for almost two decades. Coding since the age of seven, he wrote his own identity and access management system for MS-DOS 3.0 and Windows 3.1 at the age of 15. He enjoys helping developers find the joy of experimentation by pushing tools to do things they weren't designed for, or developers to do things that might seem wrong.
English session - Intermediate
JSON Web Tokens, or JWTs, are a convenient way to bundle up a set of data (called claims), that can be relied upon by intended recipients such as APIs and Databases. They're verified through signatures and can be used in off-line environments!
The chances that things will go wrong are slim. Right?
Let's look at ways in which JWT implementations can go wrong, through live demos, and learn how to make sure we can trust these handy payloads.
English session - Beginner
We identify ourselves to websites daily, but as nearly ten billion leaked account details in "';--have i been pwned?" attest to, this process has a fatal weakness: passwords. Public key cryptography is the ideal goal, but until now it's been user unfriendly.
WebAuthn is a standard from the W3C and FIDO that solves this, while making it easy for website users, but how does it work, and how can you use it today?
Let's find out. Demo included!