1. Intro
2. Me, using a service
3. API Security Maturity Model
4. The problem with API keys and Basic Auth
5. Example: The publisher
6. Scopes Example
7. Example: The Swish app
8. Passing information around
9. Verifying claims
10. Using Claims
11. Attribute sources
12. Claim data
13. How to identify data to put in the token
14. Scope not Scopes
15. Claims vs. Scopes
16. Custom Grouping
17. Usefulness
18. Access Control Example
19. Summary: No spaghetti
20. Summary: Attributes are not claims
Description:
Explore OAuth and OpenID Connect as powerful tools for managing identity in distributed systems during this 48-minute conference talk from GOTO Copenhagen 2019. Discover how to leverage these protocols to enhance agility, scalability, and security in your API infrastructure. Learn about tracing and delegating end-user identities, managing user permissions across large organizations, and implementing standards-based approaches for large-scale deployments. Delve into topics such as API security maturity models, the limitations of API keys and Basic Auth, and practical examples involving publishers and mobile apps. Gain insights on passing information securely, verifying claims, utilizing attribute sources, and effectively implementing access control. Understand the distinctions between claims and scopes, explore custom grouping techniques, and learn how to identify essential data for tokens. Conclude with a summary of best practices for maintaining a clean, non-spaghetti-like architecture and properly distinguishing between attributes and claims in your identity management strategy.

OAuth Tokens As Your Identity API

GOTO Conferences