Safeguarding web applications against token theft: Fortifying security and trust in web browsers

While OAuth 2.0 gives us a robust framework for authentication and authorization, web developers still struggle with where to keep the resulting access and refresh tokens in the browser: anything readable by script (localStorage, sessionStorage, in-memory state) is also readable by injected script, and a bearer token that leaks is usable by whoever holds it. In my talk I introduce DPoP (Demonstrating Proof of Possession), an extension to OAuth 2.0 now published as RFC 9449, which takes a different approach: instead of trying to hide the token, it binds the token to a public/private key pair that the client holds and requires the client to prove possession of that key, with a signed proof sent on every request. A token stolen from browser storage is then useless on its own. When the private key lives in a non-extractable WebCrypto key, a script that can read the token still cannot carry the key off to another machine. I will walk through how the proof is constructed, how the authorization server and resource server verify it, and where it sits alongside existing token-storage practices. This can significantly raise the bar for the authentication and authorization mechanisms most web applications rely on today.

Shikhar Kapoor

I am Shikhar, currently working as a Software Architect at PhonePe. I have been helping companies build and scale web applications for 14 years. When I’m not staring into the screen, I find solace in playing Bach on the piano and nurturing a tiny garden on my balcony.