Embed Size (px)
Citation preview
CODESNACK@OK
Microsercicesand JWT
Lars RöwekampCIO New Technologies
@mobileLarson@_openknowledge
#WISSENTEILEN
#WISSENTEILEN
Microservices & JWT
Microservices & JWT
#WISSENTEILEN
Authentication vs. Authorization
• Authentication a.k.a. „Hotelrezeption“• Authorization a.k.a. „Zimmerschlüssel“
Microservices & JWT
#WISSENTEILEN
Authentication vs. Authorization
• 401 „Unauthorized“meint eigentlich „Unauthenticated“!
• 403 „Forbidden“meint eigentlich „ Unauthorized“!
Microservices & JWT
#WISSENTEILEN
Server basedvs.
Token based Security
#WISSENTEILEN
Microservices & JWT
Microservices & JWT
#WISSENTEILEN
Server based vs. Token based Security
• Sessions• Skaliebarbeit• CORS (cross-origin resource sharing)• CSRF (cross-site request forgery)
#WISSENTEILEN
Microservices & JWT
Microservices & JWT
#WISSENTEILEN
Server based vs. Token based Security
• Stateless• Token statt Cookie (keine CSRF Attacken)• Individual Expiration (via Claim)• Friend to Friend Permissions (Facebook & Co)
Microservices & JWT
#WISSENTEILEN
JSON Web Token
• neue, einfache Spec• sehr kompakt• Token plus public & private „Claims“
• digitale Signatur und/oder Encryption
#WISSENTEILEN
Microservices & JWT
#WISSENTEILEN
Microservices & JWTWarumJWT?
• ...vs.SWT• ...vs.SAML
• public/privateKeys• extremkompakt• JSON
Microservices & JWT
#WISSENTEILEN
JSON Web Token & API Goals
1. Authorize Request2. Verify Sender3. Avoid Man in the Middle4. Expiration5. Request Cloning
#WISSENTEILEN
demo$ microservicesdemo$ jwt_securitydemo$ |
#WISSENTEILEN
Microservices & JWT
#WISSENTEILEN
Microservices & JWT
#WISSENTEILEN
Microservices & JWT
#WISSENTEILEN
Microservices & JWT
#WISSENTEILEN
#WISSENTEILEN
? # !
Bildernachweis
#WISSENTEILEN
#19: © marekuliaz - shutterstock.com
All other pictures inside this presentation orginatefrom pixabay.com or were created by my own.
#WISSENTEILEN
LARS RÖWEKAMPCIO NEW TECHNOLOGIES
[email protected]+49 (0)441 4082 – 0
@mobileLarson@_openknowledge
OFFENKUNDIGGUT
