WarsawJS exists to support and upskill junior and senior software developers by creating an international, Berlin Code of Conduct-compliant platform to share knowledge and experience. With the backing of a global network of members and sponsors, WarsawJS has created and is developing an open-source repository.
Robert Kawecki at WarsawJS
On 8th June 2022, AdTonos’ very own Senior Developer, Robert Kawecki, delivered a fantastically insightful presentation as part of the latest WarsawJS Meetup networking event. It was a privilege to sponsor this event, and help create a space for JavaScript enthusiasts to get together, share knowledge and grow as developers.
In his fascinating presentation, “Sessions vs. tokens: a how-to guide for implementing authentication state in your product”, Robert began by reflecting on how demanding the last 2 years have been, and how glad he was that these events were back! He took the time to distinguish Authentication (e.g., user/password pairs, FIDO2 tokens in crypto systems), which deals with proving identity, from Authorization, which controls access to system resources.
Robert’s Top Tips
He also stressed that, to prevent credentials/secrets being leaked if the front end becomes compromised, all secrets should be kept in cookie form rather than in local storage, which earned him some applause from the audience! He emphasised that there is one right way to do sessions and client-side secrets, and one way only: as HttpOnly cookies alongside TLS or SSL.
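A check for the cookie properties described above, as an added example (not code from the talk or from AdTonos): it parses `Set-Cookie` header values and reports a session cookie that is missing `HttpOnly` or `Secure`. The cookie name `sid`, the function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for the two properties the talk calls for.
// Header values below are constructed samples; the cookie name "sid" is hypothetical.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) throw new Error(`malformed cookie pair: ${pair}`);
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    // Attribute names are case-insensitive (RFC 6265), so normalise them.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Return the list of problems for a cookie that carries a session secret.
function auditSessionCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  // Without HttpOnly, any script running in the page can read document.cookie.
  if (!attrs.has('httponly')) findings.push(`${name}: readable by page scripts (no HttpOnly)`);
  // Without Secure, the browser may attach the cookie to unencrypted requests.
  if (!attrs.has('secure')) findings.push(`${name}: may be sent over plain HTTP (no Secure)`);
  return findings;
}

// Build a session cookie with both flags set.
function buildSessionCookie(name, value, maxAgeSeconds) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Max-Age=${maxAgeSeconds}; HttpOnly; Secure`;
}

const samples = [
  'sid=abc123; Path=/',            // both flags missing
  'sid=abc123; Path=/; HTTPONLY',  // Secure missing, attribute case varies
  buildSessionCookie('sid', 'abc123', 3600),
];
for (const h of samples) {
  const findings = auditSessionCookie(h);
  console.log(h, '=>', findings.length ? findings : 'ok');
}
```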
In terms of navigating issues with JavaScript and single sign-on (SSO), Robert noted there could be issues around unacceptable coupling, and that microservices may need to be considered, since services that would have to couple their session databases might not be able to use sessions as they are. Robert then looked into hybridity and abstracting as a means of affording developers more flexibility and security, for example, by starting processes off with sessions, and progressing to JWT or refresh tokens – with the caveat that JWT should be used with care and only ever be used as a starting point in developing if there is very good reason to!
Robert recommends using hybrid third-party solutions like Keycloak (OSS), Auth0 (commercial) and SuperTokens (OSS/commercial), and especially encouraged the audience to look into the learning material included in SuperTokens’ marketing materials.
He also cautioned the audience not to fall for the hype of every new technology that goes to market unless companies have the adequate tools to add these new technologies to their arsenal. If teams do not have in-house response and security teams, the best thing to do is to consult with external incident response professionals for advice before committing to any changes in their own operations.
Supporting the Coding Community in Warsaw and Beyond
Reflecting on his experience at the event, Robert commented:
“I really enjoyed being able to deliver an in-person presentation again to such an engaged community, it’s always such a pleasure! For years, WarsawJS has been a safe space to talk about programming, discover new ideas and revisit old practices. And this month, as always, it has attracted a wide attendance from junior coders to true veterans in the field. Today in 2022, community building is as important as ever, and regional meet-ups are a unique place to learn, teach and empower. So if you are a tech person, take a minute to explore events happening near you – don’t let the exciting stuff go under your radar!”
Missed the event, but want to watch Robert’s presentation? You can watch the presentation on demand here. So, are you curious about how you can progress your career in developing in the adtech industry?
“There are a variety of ways to get involved in WarsawJS events that enable you to develop both in terms of technical knowledge and other transferable skills. As a consequence, the participants improve themselves comprehensively, while helping others to develop. The students often become the teachers and it is this positive effect that enables us to create a continuous loop that benefits the community as a whole!” – Piotr Zientara, Leader, WarsawJS and CEO, XFaang.
If you are interested in joining or contributing to WarsawJS, visit their website. Why not also check out open positions with our R&D team?