Authentication for SPAs and Micro Frontends Rethought: Simple and Secure Thanks to Gateways

 
German Intermediate Main Conference

The browser is not a safe place. Numerous attacks allow secret information to be stolen. That is why even the OAuth 2 working group now recommends storing security tokens only on the server side. With gateways, this idea can be implemented very elegantly, securely and, from the browser application's point of view, about as simply as possible. In this session we discuss what lies behind these considerations and how we can implement them with modern tools. To do so, we connect an Angular-based micro frontend solution to Azure Active Directory via a gateway. The gateway is built with YARP, Microsoft's reverse proxy for ASP.NET Core. At the end, you will know how to use this authentication architecture in your projects and what to watch out for.

Speaker

Manfred Steyer

Google Developer Expert focusing on Angular

Trainer and Consultant with focus on Angular. Google Developer Expert (GDE) for Angular and Trusted Collaborator in the Angular team. Writes for O'Reilly, Hanser and the German Java Magazine. Regularly speaks at conferences.

Code of Conduct

We seek to provide a respectful, friendly, professional experience for everyone, regardless of gender, sexual orientation, physical appearance, disability, age, race or religion. We do not tolerate any behavior that is harassing or degrading to any individual, in any form. The Code of Conduct will be enforced.

Who does this Code of Conduct apply to?

All live stream organizers using the Global Azure brand and Global Azure speakers are responsible for knowing and abiding by these standards. Each speaker who wishes to submit through our Call for Presentations needs to read and accept the Code of Conduct. We encourage every organizer and attendee to assist in creating a welcoming and safe environment. Live stream organizers are required to inform and enforce the Code of Conduct if they accept community content to their stream.

Where can I get help?

If you are being harassed, notice that someone else is being harassed, or have any other concerns, report it. Please report any concerns, suspicious or disruptive activity or behavior directly to any of the live stream organizers, or directly to the Global Azure admins at team@globalazure.net. All reports to the Global admin team will remain confidential.

Code of Conduct for local live streams

We expect local organizers to set up and enforce a Code of Conduct for all Global Azure live streams.

A good template can be found at https://confcodeofconduct.com/, including internationalized versions at https://github.com/confcodeofconduct/confcodeofconduct.com. An excellent version of a Code of Conduct, not a template, is built by the DDD Europe conference at https://dddeurope.com/2020/coc/.