Explore the challenges of authentication and authorization in distributed systems, microservices, and Web APIs through this comprehensive conference talk. Delve into the principles of OAuth2, OpenID Connect, and JSON Web Tokens (JWT) standards, and discover how they address auth* challenges in modern architectures. Learn about a clever solution using JBoss Keycloak, and gain insights into security tokens, authorization flows, refresh token flows, and JWT claims. Examine practical implementations with JavaScript and security APIs, and understand the ecosystem of managed services. Conclude with a Q&A session to solidify your understanding of Single Sign-On (SSO) for Web APIs.