PyConLT 2021

JWT and OAuth2. Should we reinvent the wheel?
09-03, 14:00–14:30 (Europe/Vilnius), Main

When starting a new project, sooner or later you'll probably come across the decision: "How will my platform users get authorized?" At Corner Case Technologies we join client teams or take over other projects, and we have probably never seen the same implementation of authorization twice. Even when starting projects on our own, we like to try one library or another, which sometimes still results in different implementations. Eventually, this made me start thinking: should we really reinvent the wheel on authorization? This is definitely a huge topic, hence the main focus will be on JWT and OAuth2.


At CCT, we have weekly Backend Talks, during which we share new implementations or fixes for headaches that came up during the week. There I presented this topic about OAuth2 and JWT, and we had quite a discussion with the team about it, after which we agreed that this topic might also be interesting for the Python community.

My main goal in giving this presentation is to present what OAuth2 is and its proper flow. After that, I will present JWT, its structure, and how it should be used. Later on, I will give you libraries that help to implement OAuth2 with JWT in an application and will try to compare them. Last but not least: security considerations for JWT and OAuth2.
Let's meet at the PyCon!


What topics define your talk the best?

Open Source, Web Development, First-time speaker

Bachelor's degree in IT and Master's degree in Information and Information Technology Security.
Senior software developer and team lead of 9 Python tamers at Corner Case Technologies.
Python evangelist who loves Flake8, MyPy, and security spice within automated amazing pipelines!
I actually have a toy snake on my work table.