Session: Secure Authentication for Modern Web Apps: Leveraging Azure AD and PKCE

In today’s cloud and SaaS landscape, implementing secure authentication for web applications and APIs is paramount. This session presents a modern approach leveraging Azure Active Directory (Azure AD) and the Proof Key for Code Exchange (PKCE) extension to the OAuth 2.0 standard.

Attendees will learn about a “zero trust” authentication flow that explicitly verifies user identity per session, adhering to principles like least privilege access for enhanced security. Utilizing the Microsoft Authentication Library (MSAL), the session will cover implementing the authorization code flow with PKCE for secure token acquisition, optimized with token caching and refreshing mechanisms.

Furthermore, we will demonstrate how to configure Azure AD to expose custom API scopes and how the API validates incoming access tokens carrying custom claims, ensuring data integrity and mitigating vulnerabilities such as authorization code interception. This approach reduces reliance on passwords, providing a more robust authentication solution.
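To make the code-interception defence concrete, here is an added, self-contained illustration of the PKCE (RFC 7636) verifier/challenge exchange with a toy authorization server; it is constructed for this page and is not MSAL's or Azure AD's implementation, and the `AuthServer` class and `demo()` function are hypothetical names.

```python
"""PKCE (RFC 7636): a client-generated secret binds the authorization code to
the client that requested it, so an intercepted code alone cannot be redeemed.
Constructed example; not code from MSAL, Azure AD or the session."""
import base64
import hashlib
import hmac
import secrets


def b64url_no_pad(data: bytes) -> str:
    # RFC 7636 uses base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    # RFC 7636 section 4.1: high-entropy, 43..128 chars, unreserved charset.
    verifier = b64url_no_pad(secrets.token_bytes(nbytes))
    assert 43 <= len(verifier) <= 128
    return verifier


def make_code_challenge(verifier: str) -> str:
    # RFC 7636 section 4.2, S256: BASE64URL(SHA256(ASCII(code_verifier))).
    return b64url_no_pad(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthServer:
    """Toy authorization server (hypothetical): stores the challenge that
    arrived at /authorize and checks it again at /token."""

    def __init__(self) -> None:
        self._codes: dict[str, str] = {}

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        if method != "S256":            # refuse the weak 'plain' method
            raise ValueError("only S256 is accepted")
        code = secrets.token_urlsafe(24)
        self._codes[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        challenge = self._codes.pop(code, None)   # codes are single-use
        if challenge is None:
            return False
        return hmac.compare_digest(make_code_challenge(code_verifier), challenge)


def demo() -> tuple[bool, bool]:
    """Returns (legitimate client succeeds, interceptor without verifier fails)."""
    server = AuthServer()
    verifier = make_code_verifier()
    code = server.authorize(make_code_challenge(verifier))
    legit = server.token(code, verifier)
    code2 = server.authorize(make_code_challenge(make_code_verifier()))
    stolen = server.token(code2, make_code_verifier())   # wrong verifier
    return legit, stolen
```

The test vector in RFC 7636 Appendix B can be used to confirm the challenge derivation.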

By the end of this session, attendees will gain insights into building a seamless, secure authentication experience for their web applications, leveraging Azure’s modern cloud identity platform. Join us to equip yourself with the techniques necessary to fortify your application’s security and promote trust in an ever-evolving digital landscape.

Presenters: