A slightly different speaking experience as the world tries to continue during COVID. I swapped Helsinki for my home office to provide content for the first virtual API Days event. The on-site conference has been rescheduled for September (which sadly I can’t attend). Prerecording the talk to an audience of one was odd, but it did make it easier to respond to any questions in the chat during the talk.

Presenting: Identity as Code

Abstract: Users now have more complex identities than ever before: federated accounts, second-factor authentication, and multiple devices. All these conditions need to be tested, but how? This talk will examine the minefield of identity and authentication in your pipeline and how your team can traverse this to ensure that you are testing all the conditions without resorting to manual steps.

RT @mraible: 11 security patterns for microservice architectures – all in one handy guide!

🏛 https://t.co/WGjVjsFaxv

Huge thanks to @crichardson and @rob_winch for reviewing and providing detailed feedback. 🙏

#microservices #architecture #security #securitypatterns

That moment when you run through a forgotten password flow and not only are you emailed the plaintext password but it’s the first x characters of the value in your password manager #facepalm

Probably the most common query I get with @okta is how to manage change between different environments. Configuration as code: identity should be treated the same as any other component of your application.

Difficult mornings are made easier with sunrises
API Days – Paris

Presenting: Customers in the Crosshairs

Abstract: As users now expect more from the organisations they interact with online, managing the identity of your customers is becoming much more complex. Password dumps, multiple devices and poor MFA adoption put pressure on security and development teams. All the time your competition is waiting in the wings to offer an alternative if your offering doesn’t meet the customer’s expectations.

Presenting: OAuth by Example Workshop

Abstract: Authentication and authorization have come a long way in the last ten years. Are you still rolling your own identity? Don’t know the differences between the authorization code grant and the client credentials grant? Do you want to accept social authentication to your service but you’re not sure how?

Join Andy March as we review OAuth and OIDC, their history, the problems they solve and how you can apply them to your services. This workshop will guide you through configuring Okta as an identity provider, deploying a simple web app enforcing authentication and authorization.

I’m excited to be speaking at #APIDaysParis next week. Join me for our ‘OAuth by Example’ workshop on Monday as well as the CIAM-focused ‘Customers in the Crosshairs’ on Tuesday.