Purplecon 2019 ben dechrai, to identity and beyond!, https://purplecon.nz/talks#ben-dechrai, https://www.youtube.com/watch?v=_5FT5DAMVY4&list=PLS45xFo74VF546tbfXXtKDO03cVrAalM6&index=8&t=0s

it's unusual to develop applications that have no identity requirements nowadays. whether it's securing access to resources, synchronising data between devices, or providing a customised experience, any new project will soon need that login form. while you might start out with a simple login form and a backend user directory, these soon grow into their own beasts, when requirements call for multi-factor authentication, or machine-to-machine authorisation functionality. these requirements and associated maintenance costs are often at odds with the desire to focus on building new features that actually bring your users value, or fixing bugs that currently bring them pain. in this talk, you will learn about oauth, openid connect, and json web tokens; where they came from, how they work, and how they can simplify your projects, from single-page apps to the apis that drive them, and everything in between.