Hybrid Apps and OAuth Authentication. (PIXY's quest for safer native apps: The battle for HybridLand)

[darkyen]

Hi sorry to be late to the party. I recently found out I'll be in DC for the month of Feb and would love to share my expertise in OAuth & OIDC.

Your Name: Abhishek Hingnikar Your twitter handle: darkyen00 A few words about yourself: I am a full stack developer and have worked on things from Cordova to Sending JWTs over a custom written audio modem using speaker and mic (in cordova). I enjoy connecting to people and hacking cool things and coding where no developer has gone before.

Talk title: PIXY's quest for safer native apps: The battle for HybridLand.

Talk abstract:
PKCE is a spec for implementing authentication in native application. Chrome Extensions, Cordova, Ionic and React Native apps fall into a grey area where OAuth implicit handshake makes sense at the first glance as most libraries offer excellent support and in general is more supported. However PKCE offers a more secure and more concrete solution to solving oauth in hybrid land.

This talk will go over what is PKCE, what problem it solves and how can you use PKCE in your own application a short and sweet demo and a take-home library.

I'll be using Webtask to host a very simple Express API, Auth0 as an OIDC provider and Phonegap/Cordova to demonstrate the concepts. These features will not be covered in depth in the talk the prime focus will be PKCE and Why should you be using it to authenticate.

The concepts are applicable to Any OAuth/OIDC compliant server and API server on the relying party.

Expected length: 10-15mins;

Available months: Feb

[jakerella]

Thanks for submitting Abhishek! I see that you specified 10-15 min... we need to keep lightning talks under 10 minutes. Is that possible?

[darkyen]

Yep, I can make it under 10 minutes :)

[jakerella]

Sounds good! I'll add you to the list.