Posted on: Wednesday, November 9th, 2016
On Tuesday, November 15th, Mark Wilson, a Senior Developer at Logical Advantage, is leading a Lunch & Learn titled “Authentication Using OpenID Connect and OAuth2.”
In anticipation of the event, we asked him a few questions about the experiences that brought him to where he is today, what participants can expect and more!
Logical Advantage: What experiences and passions do you think led to where you are today?
Mark Wilson: My father brought home the Commodore 64 followed very shortly by the Osborne Executive in the early 1980s. I was immediately hooked. Since then, I have always been surrounded by computers. It should come as no surprise that I pursued a career in Information Technology. It wasn’t until college when I realized my love of programming. Soon after graduating, I discovered user groups. They are an excellent way to receive a technical education and meet with peers to get more out of the latest software platforms, products, technologies, and resources.
Logical Advantage: When did you decide to take on a career in tech?
Mark Wilson: I wanted to pursue a career in Information Technology before graduating high school. The only question was which college to go to and what degree(s) could they offer. What I didn’t expect was how enterprise businesses treated all graduates the same regardless of their degree.
Logical Advantage: Have you hosted any other events like your upcoming Lunch & Learn?
Mark Wilson: I have given this session/talk at the CodeStock conference in Knoxville, TN; the Charlotte ALT.NET user group in Charlotte, NC; and the Atlanta Code Camp in Atlanta, GA.
Logical Advantage: When it comes to security, what do you think is the greatest challenge modern applications face?
Mark Wilson: The fear of open-source solutions. Because software developers fear black boxes, they tend to always “recreate the wheel” on their own. A home-brewed security solution is less safe than one built with a team of experts.
Logical Advantage: What experience do you have with OpenID and OAuth 2.0.? How are they similar? How are they different?
Mark Wilson: OAuth was first created in November 2006 when Blaine Cook developed the Twitter OpenID implementation. It is an authorization framework that issues access tokens to third-party clients/websites. Most social media sites have adopted the framework. The problem is that the most recent version of the protocol, OAuth 2.0, is not an authentication protocol despite many developers treating it that way.
OpenID Connect is the newest security protocol but is considered to be the future. It is designed from the beginning to be more usable by native and mobile applications. It achieves this by being a RESTful HTTP API using JSON. It is an authentication layer that sits on top of OAuth 2.0. OpenID Connect combined with OAuth 2.0 are better together (than just OAuth alone).
Logical Advantage: Have you used these technologies on any personal projects?
Mark Wilson: Because I was unable to find any good demos combining OpenID Connect and OAuth 2.0 with AngularJS, I developed an example application that I plan to contribute back to the community as an IdentityServer example implementation.
Logical Advantage: What questions do you hope to address in your November Lunch & Learn?
Mark Wilson: The focus of my presentation is on the “why” – why developers should consider using OpenID Connect and OAuth 2.0. These two protocols are designed to meet most modern application security needs.
Logical Advantage: Who will benefit the most from your talk?
Mark Wilson: Anyone interested in the new and changed approaches to securing their applications and APIs. That should be pretty much all developers.
Logical Advantage: How can participants prepare for the event?
Mark Wilson: No preparation necessary. I cover the topics in depth so that all participants leave with the same knowledge.
Logical Advantage: What’s one thing you’d like to add that we haven’t discussed already?
Mark Wilson: The demo application that I developed is a full implementation of an AngularJS 1.x client website coupled with a shared security token service using IdentityServer 3 and an ASP.NET Web API server resource.
If you’re interested in attending this Lunch & Learn on November 15th, find more details here.Go Back