Sessions

Modern Authentication Demystified: A Deep Dive into Spring Security’s Latest Innovations

Andreas Falk - Novatec Consulting GmbH

In this session, we explore the latest advancements in Spring Security that are reshaping how we secure modern applications. With a focus on practical applications, we’ll discuss the revolutionary Passkey Authentication, a password-less and phishing-resistant mechanism based on WebAuthn and FIDO2 standards. Next, we’ll examine One-Time Tokens, a robust way to secure sensitive actions and enhance user experience for scenarios like password resets and transaction approvals. Finally, we’ll delve into the emerging concept of Token Exchange, which facilitates seamless cross-service authentication by securely exchanging OAuth tokens. Attendees will gain a clear understanding of how these new features work, their real-world use cases, and best practices for integrating them into their Spring Security applications.