Developer Day

Alyssa Miller, S&P Global
Ali Spivak, Okta
Sam Julien, Auth0
Matias Woloski, Auth0
Eugenio Pace, Auth0

We’ll kick off Developer Day by celebrating developers like you building for the web, mobile, cloud infrastructure, and everywhere else code runs around the world.

Heather Downing, Principal Developer Advocate, Okta

Have you moved into a new house and want to automate *all the things*? Sounds pretty cool, right? Just one tiny concern: how secure is it to use "smart home" devices? Should you create your own software to control your blinds? What about hacking your cameras? The world of IoT (Internet of Things) has so many options to choose from but very little guidance about how secure they are, and how you as a developer can prevent unauthorized access. In this session, we will go over what you can do with existing platforms like Alexa and roll your own DIY projects to lock down who can use them - YOU.

Aaron Parecki, Security Architect Group Manager, Okta
Vittorio Bertocci, Principal Architect, Auth0

OAuth is the foundation of most of modern online security, used everywhere from signing in to mobile apps to protecting your bank accounts. Despite its ubiquity, there are still many misconceptions about OAuth and OpenID Connect in the wild.

In this session you'll learn about the background and original motivations that drove the creation of OAuth, how OAuth and OpenID Connect are used today to provide secure online experiences, as well as the latest developments and future work within the OAuth and OpenID Connect communities.

This session will cover the many new RFCs that have been published since the original draft of OAuth 2.0, which both add and remove functionality from the core spec. These include OAuth 2.0 for Native Apps, Proof Key for Code Exchange, OAuth 2.0 Security Best Current Practice, as well as some in-progress and experimental drafts such as JWT Access Tokens, Rich Authorization Requests, and various Proof of Possession techniques. This session will cover the current status of this ongoing work and what you need to know to be prepared for the future.

Jeff Taylor, Senior Product Manager, Developer Experience, Okta
Jeff Fry, Senior Technical Alliances Manager, JFrog

With Okta and JFrog, strengthen your shift-left DevSecOps strategy by validating the security of your application’s REST API endpoints before you release to production and to your customers. Learn how you can use Okta and JFrog to automate the validation of your authentication and authorization policies for your REST APIs.

Nick Gamb, Senior Developer Advocate, Okta

Gaming and XR technology represent a wild west for identity security. The industry itself is one of the most highly targeted and breach prone in all of tech, yet security is commonly prioritized last. Often user experience is emphasised over security and best practice standards are not always a perfect fit for some target platforms such as consoles or headsets. With constantly increasing demand for interconnected experiences in gaming, growing reliance on cloud based backend solutions, and the increased collection of player data occurring as players become the product, security has become paramount for game developers. In this talk, we will deep dive into how game and XR developers can balance experience and security using the security best practice standard OAuth. We will discuss the basics of OAuth, designing experiences for different target platforms, and using a player's authorization to interact with other cloud based backend solutions. This session is intended for game/XR developers, or developers who are interested in game/XR development, and assumes a basic level of development knowledge with related engines and tech. Existing experience with identity security best practices and OAuth are not required.