JWTs Everywhere!

by Alysha Gardner

security web development api 10 minutes

The short story of how we used OAuth and JWTs (JSON Web Tokens) to add identity and authentication in every call to one of our widely used services. Includes an overview of how JWTs work and different OAuth flows for every use case.

This is a new talk about how we added OAuth to our Presto deployment and the steps involved to support access from Jupyter Notebooks and from other Python apps. I'll lay out the problem, explain the format of JWTs and how they're used in Google Auth flows, and walk through the three types of OAuth flows we used for different use cases - device flow for notebooks, service accounts for scheduled tasks and offline tokens to propagate a user's identity through a web app.

About the Author

Alysha is a senior developer on the Data Infrastructure Security team at Shopify. When she’s not dealing with problems of identity and authentication she enjoys running marathons and bicycle touring.

Author website: https://agardner.me/