9 Serveless and JWT

Auckland, Conference, OWASP

9 Serveless and JWT

@rowdymehul
Mehul Patel

serverless

IBM OpenWhisk https://openwhisk.apache.org/
AWS
Google
Kuberless
https://www.twistlock.com/2018/07/10/serverless-comparison-lambda-vs-azure-vs-gcp-vs-openwhisk/

core concepts

function
event
services

auth

Authorization what you can do 授权
Authentication who you are 认证

Screen Shot 2019-02-22 at 8.50.51 PM.jpg
Screen Shot 2019-02-22 at 8.51.00 PM.jpg

JSON Web Token

3 JWAT Attacting JWT

a way to encode information
securely communicate JSON objects
secret based verification
self contained

OAuth 2.0

user gain access without giving them passwords

Roles:

resource owner, normally end user
resource server, the api you want to access
client, the app requesting accer to a protected resurce on bahalf of the resource owner
authorization server, like Auth0

Protocol flow (in picture)

Deployment

App =Auth0 + Serverless Platform
webtask.io