Sessions

Next-Gen Security with Spring: Passkeys, Token Exchange, and Authorization Enhancements [Workshop]

Andreas Falk - Novatec Consulting GmbH

This 2-hour hands-on workshop explores the latest cutting-edge features in Spring Security, equipping developers with the knowledge to implement modern authentication and authorization mechanisms in their applications. We’ll start by diving into Passkey Authentication, a password-less, phishing-resistant solution built on WebAuthn and FIDO2 standards, providing an enhanced user experience and stronger security.

Next, we’ll explore the enhancements in authorization capabilities like authorizing domain object fields.

Finally, we’ll cover the Token Exchange mechanism, which enables seamless, secure communication between services by exchanging OAuth tokens (using Spring Authorization Server).

Through practical hands-on labs, attendees will learn how to leverage these features effectively in their Spring Security applications. This session is perfect for developers and architects looking to stay ahead in the rapidly evolving field of application security.

Workshop requirements:

• Java 21+
• IDE (IntelliJ IDEA, VS Code, etc.)
• Access to a web browser (for passkey demo)

Additional notes Planned agenda for the workshop:

1. Introduction (10 minutes)
2. Passkeys Authentication (30 minutes)
3. Enhancements of Authorization (25 minutes)
4. Token Exchange (35 minutes)
5. Q&A and Wrap-Up (15 minutes)

Sections 2,3,4 include hands-on parts that attendees will implement. The hands-on parts will be instructed by me and by a corresponding online tutorial. This way every attendee can do the hands-on parts at his/her own pace and even continue/complete after the workshop.