OAuth 2: A closer look
When you look at OAuth 2 from a developer's perspective there are a number of things to consider. Let's take a closer look.
While building Pipedrive’s marketplace for third-party apps, we transitioned from API token authentication to OAuth, and it’s been an interesting learning experience.
In this talk, I will explain how the protocol works, discuss differences in how OAuth is implemented on different platforms, and explain how we managed the transition from API token to OAuth.
I will explain how CSRF attacks work in OAuth, how the state parameter can prevent them, how to manage synchronization between server and clients, and what you can run into when you roll out OAuth for dozens of apps.
> Skill level: intermediate
> Duration: 25 min
Daniele Timo Secondi
I graduated in Computer Science in 2007 in Italy. I started developing Flash games when they were still a thing. Since then, I've worked on web projects for important brands in tech and digital publishing, moving from front-end to back-end. I now work in Developer Relations at Pipedrive, helping developers build integrations and sharing useful content.