Fireside Chat About OAuth 2.0 • Aaron Parecki & Eric Johnson • GOTO 2021


This presentation was recorded at GOTOpia February 2021. #GOTOcon #GOTOpia

Aaron Parecki - Senior Security Architect at Okta
Eric Johnson - Senior Developer Advocate at AWS Serverless

Take a deep dive into some advanced OAuth 2.0 processes and pitfalls, such as redirect URLs and the state parameter.
Join Aaron Parecki, author of the book OAuth 2.0 Simplified, and Eric Johnson, senior developer advocate at AWS, for a fireside chat in which they discuss some of the main reasons to use the OAuth 2.0 framework, which has already become an industry standard, and what it takes to build a secure web server [...]

00:00 Intro
01:14 What is OAuth?
02:07 Difference between AuthZ & AuthN
04:55 Is JSON Web Token (JWT) OAuth?
06:16 The history of OAuth
17:37 A good level of security
21:30 Difference between timeout & verification of use
23:46 Changes in OAuth 2.1
27:12 What is PKCE?
28:50 Outro

Read the full abstract here:

Aaron Parecki • OAuth 2.0 Simplified
Aaron Parecki • OAuth 2.0 Servers
Aaron Parecki • The Little Book of OAuth 2.0 RFCs
Erdal Ozkaya • Cybersecurity: The Beginner's Guide
Richer & Sanso • OAuth 2 in Action
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0
#OAuth2 #OAuth #Security #Privacy #SecureWebServer #AWS #Serverless #Okta #AWSserverless #AuthZ #AuthN #OpenIDconnect #OpenID #Cybersecurity #Encryption #JWT #JSONWebTokens #RFC #PKCE

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at
