98: Ryan Chenkie - Securing Single Page Applications

Topics include:

• What JSON Web Tokens are and how to use them to authenticate users
• Strategies for invalidating stateless API tokens
• Using cookie and session authentication
• Using authentication-as-a-service solutions like Auth0
• Proxying requests to your API to simplify CORS issues
• Protecting against XSS attacks

Sponsors:

• Cloudinary, sign up and get 300,000 images/videos, 10GB of storage and 20GB of monthly bandwidth for free
• Rollbar, sign up at https://rollbar.com/fullstackradio to try their Bootstrap Plan free for 90 days

Links:

• JSON Web Tokens
• Securing Angular Applications, Ryan's book
• Security Headers scanning tool
• "I’m harvesting credit card numbers and passwords from your site. Here’s how."
• https://auth0.com/
• "CORS is bad for performance" Twitter thread

Episode source