RailsConf 2017: Portable Sessions with JSON Web Tokens by Lance Ivy

Ever wonder why applications use sessions and APIs use tokens? Must there really be a difference? JSON Web Tokens are an emerging standard for portable secure messages. We'll talk briefly about how they're built and how they earn your trust, then dig into some practical examples you can take back and apply to your own majestic monolith or serious services.
Summary
In this RailsConf 2017 presentation, Lance Ivy discusses the use of JSON Web Tokens (JWT) and how they can serve as a flexible and secure method of managing sessions in applications. The session provides a comparative analysis between traditional session management via cookies and the token-based authentication system commonly used in APIs, highlighting the emergence of JWT as a standard for portable secure messages. Ivy begins by explaining the historical context of authentication systems, detailing the nuances between cookies and tokens and the problems that arise when managing separate authentication mechanisms.

Key points include:

- **Understanding Authentication**: The concept of logging in, involving user credentials (username/password or third-party auth providers), and how cookies and tokens operate to maintain sessions.
- **JWT Structure**: Introduction to the JWT framework, which combines signatures and structured data for secure message communication, emphasizing how it retains claims essential for verifying token authenticity.
- **Advantages of JWT over Traditional Methods**:
  - **Flexibility**: JWTs can function within both cookie and authorization headers, facilitating use in different architectures.
  - **Increased Performance**: By allowing the API to validate tokens without requiring database queries, JWTs enhance scalability and response times.
  - **Uncoupling from Rails**: JWT libraries are available in multiple programming languages and help in decoupling authentication from specific frameworks like Rails.
  - **Security Features**: The use of asymmetric key signing methods like RSA to reduce the need for shared secrets, thus providing a better security posture in distributed systems.
- **Practical Implementations**: Ivy shares real-world applications of JWTs in password resets, session management via email, and handling user state changes effectively.
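As an added example (not code from the talk or its speaker), the points above in working form: an RS256 token is issued with a private key and verified with the public key alone, so a service can check the signature and `exp` claim without a shared secret or a session-store lookup. The key pair is a constructed demo key generated at load time.

```ruby
require "json"
require "openssl"

# Constructed demo key pair; a real deployment loads the private key from a secret
# store and distributes only the public key to verifying services.
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)

# JWT segments (header, payload, signature) use unpadded base64url.
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  padded = str.tr("-_", "+/")
  padded += "=" * ((4 - padded.length % 4) % 4)
  padded.unpack1("m0")
end

# Build header.payload.signature; only the holder of the private key can sign.
def issue_jwt(claims, private_key, ttl: 900, now: Time.now.to_i)
  header  = { alg: "RS256", typ: "JWT" }
  payload = claims.merge("iat" => now, "exp" => now + ttl)
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
  signature = private_key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Verify with the public key only: no shared secret and no database query.
# Returns [status, claims]; status is :ok or the reason the token was rejected.
def verify_jwt(token, public_key, now: Time.now.to_i)
  head, body, sig = token.split(".")
  return [:malformed, nil] unless head && body && sig
  header = JSON.parse(b64url_decode(head))
  # Pin the algorithm; never let the token's own "alg" pick the verifier.
  return [:bad_alg, nil] unless header["alg"] == "RS256"
  digest = OpenSSL::Digest.new("SHA256")
  valid  = public_key.verify(digest, b64url_decode(sig), "#{head}.#{body}")
  return [:bad_signature, nil] unless valid
  claims = JSON.parse(b64url_decode(body))
  return [:expired, nil] unless claims["exp"].is_a?(Integer) && claims["exp"] > now
  [:ok, claims]
rescue JSON::ParserError, ArgumentError, OpenSSL::PKey::PKeyError
  [:malformed, nil]
end
```

The verifier checks the signature before it reads any claim, so a token whose payload was altered after signing is rejected as `:bad_signature` rather than trusted.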
In conclusion, Ivy encourages developers to adopt JWTs in their applications, pointing out their versatility and ease of integration regardless of whether they run monolithic applications or services. The key takeaways emphasize starting with basic implementations of JWTs and exploring their potential as developers become more comfortable with the technology.