OAuth Well Played – Mods and Combos for the Cloud Native API Security Game

A talk given by Curity's Judith Kahrer at the Nordic APIs 2024 Platform Summit.

Cloud native APIs are built from orchestrated, distributed microservices that can disappear and respawn at any time. How can one microservice trust the others in such a dynamic environment? How does a service know that it is talking to one of its own peers and not to a malicious impostor? More importantly, how can a microservice trust incoming requests and perform adequate authorization on them so that security incidents are avoided?

In this talk Judith loots the documents of the OAuth 2.0 family of standards for useful patterns that combine cloud native practices with OAuth. The goal is a security architecture for APIs that pairs common cloud native technologies, such as API gateways and workload identities, with various extensions of the OAuth protocol, showing how to implement zero trust in a modern way.
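The smallest building block of "trusting an incoming request" is the check a microservice runs on the access token it receives: verify the signature before reading anything else, then confirm that the token was issued by the expected authorization server, was issued for this service (the `aud` claim), is still within its validity window, and carries the scope the endpoint requires. The following is an added example written for this page; it is not code from the talk, from Curity or from any product. The issuer URL, key, claim values and service names are assumptions chosen for illustration, and HS256 with a shared key is used only so the example runs offline with the standard library. A real deployment verifies an asymmetric signature against the authorization server's published keys (JWKS) and would typically let a gateway do the first pass, but the per-service audience and scope checks stay in the service.

```python
"""Added example (not from the talk): microservice-side validation of a
JWT access token with audience and scope enforcement. Names, key and
issuer are illustrative assumptions; HS256 stands in for an asymmetric
signature checked against the authorization server's JWKS."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed values for this example only.
ISSUER = "https://as.example.com"             # the authorization server we trust
SHARED_KEY = b"demo-key-do-not-use-in-prod"   # HS256 key standing in for the AS's JWKS


class TokenError(Exception):
    """Raised for any token the microservice must not trust."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = SHARED_KEY) -> str:
    """Issue an HS256 JWT the way a test authorization server would."""
    header = {"alg": "HS256", "typ": "at+jwt"}  # at+jwt: JWT access token profile (RFC 9068)
    signing_input = (_b64url_encode(json.dumps(header).encode()) + "."
                     + _b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def forge_unsigned_token(claims: dict) -> str:
    """What an attacker sends when hoping the verifier honours alg=none."""
    header = {"alg": "none", "typ": "at+jwt"}
    return (_b64url_encode(json.dumps(header).encode()) + "."
            + _b64url_encode(json.dumps(claims).encode()) + ".")


def validate_token(token: str, audience: str, required_scope: str,
                   key: bytes = SHARED_KEY, now: Optional[float] = None) -> dict:
    """Return the claims if the token is valid for *this* service, else raise.

    The signature is verified before any claim is read, so an unsigned or
    tampered token never influences the authorization decision.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    raw_header, raw_claims, raw_sig = parts

    header = json.loads(_b64url_decode(raw_header))
    if header.get("alg") != "HS256":              # pin the algorithm; never honour "none"
        raise TokenError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(key, (raw_header + "." + raw_claims).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(raw_sig)):
        raise TokenError("bad signature")

    claims = json.loads(_b64url_decode(raw_claims))
    if claims.get("iss") != ISSUER:
        raise TokenError("untrusted issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if audience not in aud:                       # a token meant for another service is not ours
        raise TokenError("token not intended for this service")
    if "exp" not in claims or now >= claims["exp"]:
        raise TokenError("token expired")
    if now < claims.get("nbf", 0):
        raise TokenError("token not yet valid")
    if required_scope not in set(claims.get("scope", "").split()):
        raise TokenError("missing scope " + required_scope)
    return claims


def accepts(token: str, audience: str, required_scope: str,
            now: Optional[float] = None) -> bool:
    """Boolean view of validate_token; decoding errors count as rejection."""
    try:
        validate_token(token, audience, required_scope, now=now)
        return True
    except (TokenError, ValueError):
        return False


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the demo is reproducible
    claims = {"iss": ISSUER, "sub": "alice", "aud": "orders-api",
              "exp": now + 300, "scope": "orders:read orders:write"}
    token = mint_token(claims)
    print("orders-api, orders:read :", accepts(token, "orders-api", "orders:read", now))
    print("replayed at inventory-api:", accepts(token, "inventory-api", "orders:read", now))
    print("after expiry             :", accepts(token, "orders-api", "orders:read", now + 600))
    print("alg=none forgery         :", accepts(forge_unsigned_token(claims), "orders-api", "orders:read", now))
```

Note the order of the rejections: a token replayed against a different microservice fails on `aud` even though its signature, issuer and scopes are all genuine, which is the per-service check a shared gateway cannot make on its own. Pinning the algorithm and comparing signatures in constant time are the two details most often missed when this check is hand-rolled instead of delegated to a maintained JWT library.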

Further Reading:

Cloud Native Data Security with OAuth: A Scalable Zero Trust Architecture