2025-04-24, Zeiss Plenary (Spectrum)
Is implementing authorization on your API endpoints an afterthought? Who should have access to your API endpoints? Is it secure? This talk covers using OAuth 2.0 to secure API endpoints built on FastAPI, following industry-recognized best practices. Come on a journey with me that takes your API endpoints from merely functional to functional AND secure. When you follow secure identity standards, you'll come away with a deeper understanding of the critical need for authorization.
Audience Level: Beginners; Pythonistas who build on FastAPI, are not necessarily security experts, but still need to deploy secure APIs.
History of OAuth 2.0 (3 mins)
- Background/history on OAuth
- Why do we need OAuth 2.0?
Authorization Challenge (2 mins)
- Why implement secure authorization now rather than later?
- Data sensitivity
OAuth 2.0 Overview (3 mins)
- Core concepts
- Key features: What are JWTs?
- Benefits of using OAuth 2.0
Technical Implementation (4 mins)
- Components of OAuth 2.0
- Different types of authorization flows and use cases
- API setup on FastAPI
Demo with FastAPI (12 mins)
- Create an endpoint in FastAPI framework and secure it with OAuth 2.0
- What are the different identity providers that can provide authorization?
- Troubleshooting common issues
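As an added example (not the talk's own demo code), here is the kind of dependency the demo step above describes: a FastAPI endpoint that accepts only a bearer JWT whose signature, expiry, issuer, audience and scope all check out. It assumes an HS256 shared key and constructed issuer/audience values purely for illustration; a real identity provider would normally sign with RS256 and publish a JWKS, so the signature step would verify against the provider's public keys instead.

```python
import base64, hashlib, hmac, json, time
# Constructed values; a real deployment takes the key (or the IdP's JWKS for RS256),
# issuer and audience from configuration, never from the incoming token.
SECRET_KEY = b"example-only-hs256-key"
ISSUER, AUDIENCE = "https://idp.example.com/", "api://orders"
def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def verify_access_token(token: str, required_scope: str) -> dict:
    """Check structure, alg pin, signature, exp, iss, aud, scope; raise ValueError on any failure."""
    head, body, sig = token.split(".")  # ValueError if not exactly three segments
    if json.loads(_unb64u(head)).get("alg") != "HS256":  # pin the algorithm server-side
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64u(sig)):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(_unb64u(body))  # only trust claims after the signature check
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError("insufficient scope")
    return claims

def mint_token(claims: dict) -> str:
    """Test-only stand-in for the authorization server; the API itself never signs tokens."""
    head, body = _b64u(b'{"alg":"HS256","typ":"JWT"}'), _b64u(json.dumps(claims).encode())
    sig = hmac.new(SECRET_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64u(sig)}"

try:  # FastAPI wiring; the checks above still run stand-alone if FastAPI is absent
    from fastapi import Depends, FastAPI, HTTPException
    from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
    app, bearer = FastAPI(), HTTPBearer()
    def require_orders_read(creds: HTTPAuthorizationCredentials = Depends(bearer)) -> dict:
        try:
            return verify_access_token(creds.credentials, "orders:read")
        except ValueError as exc:
            raise HTTPException(status_code=401, detail=str(exc))
    @app.get("/orders")
    def list_orders(claims: dict = Depends(require_orders_read)):
        return {"sub": claims["sub"], "orders": []}
except ImportError:
    pass
```

A missing `exp`, a token signed with a different key, or a token minted for another audience all fail closed with a 401, which is the behaviour to confirm first when troubleshooting.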
Best Practices (4 mins)
- Industry-standard protocol
- Token-based security
- Should you build your authorization server?
Next Steps (2 mins)
- Ability to integrate/provide SSO with various IdPs
- Share resources to learn more including blogs, GitHub repo, etc.
- Got questions? Connect with me!
Expected audience expertise: Novice; Python: Novice
Semona is a Developer Advocate at Okta. She enjoys chatting about OpenID Connect, OAuth 2.0, and web security, but most of all, learning how developers learn best. Outside work, Semona is a Pythonista, loves kombucha, and plays board/role-playing games and Ultimate!