Security
Conference, 50 min
INTERMEDIATE

Pragmatic OpenID Connect

This presentation addresses the challenges of managing front-end authentication, focusing on the OpenID Connect protocol and JWT key exchanges. It explores using the @axa-fr/oidc-client library to secure tokens and concludes with 'Demonstrating Proof of Possession' (DPoP), which uses the WebCrypto API to enhance token security, all illustrated through technical demonstrations.

Guillaume Chervet, AXA France

When and where

Wednesday, May 7, 12:00-12:50
Exec Centre
Description

Do you create a BFF (Back End For Front End) each time to manage authentication on the front end? This can lengthen your 'Time to Market' and cost you more than necessary: it's all about finding the right balance!

In this presentation, which will be quite technical, we will introduce the OpenID Connect protocol, the OIDC client-side architecture, as well as its server-side competitor and ally. We will explain, through numerous demonstrations, how JWT key exchanges work and describe the pros and cons of each mode.

Next, we will explore, again with demonstrations, the Service Worker mode of the @axa-fr/oidc-client library, which hides the tokens from the JavaScript client.

Finally, we will conclude by explaining the concept of 'Demonstrating Proof of Possession' (DPoP), a killer feature that makes your tokens unusable outside the browser context, thanks to the WebCrypto API. Prepare your brains: it will be educational, progressive, but decidedly technical!

openid
jwt
tokens
dpop
Speakers
Guillaume Chervet

AXA France

France

Passionate about IT, I love to create, innovate, and help others to develop their skills. Today, I am a Principal Learning Engineer at AXA in France and a Microsoft MVP.