Dr. Philippe De Ryck

JavaScript Conference 2025 (Warsaw & Online)
Meet Dr. Philippe De Ryck

Breaking and securing OAuth 2.0 in frontends

Everyone agrees that Cross-Site Scripting (XSS) is a real threat to browser-based applications, yet many underestimate its true power. Common practices like using Single Page Applications as OAuth 2.0 clients, with techniques such as refresh token rotation, fail to account for real-world attackers.

This talk will demonstrate two concrete hacks against frontend OAuth 2.0 clients, highlighting the underlying vulnerabilities. We will explore how to address these security shortcomings by introducing structural solutions like the Backend-for-Frontend pattern. By the end of this session, you will be fully up to speed with the latest updates to the "OAuth 2.0 for Browser-based Apps" specification, co-authored by the presenter. You will walk away with a solid understanding of OAuth 2.0 security in frontends and best practices for securing sensitive applications.

Dr. Philippe De Ryck - Security Expert, Founder, GDE, Pragmatic Web Security | Belgium

Philippe De Ryck specializes in making web security accessible to developers and architects, leveraging his Ph.D. from KU Leuven to inform his comprehensive understanding of security challenges. As the founder of Pragmatic Web Security, he provides practical security training and consulting services to organizations worldwide. His online course platform offers a self-paced approach to learning about security. Philippe also actively helps shape OAuth 2.0 best practices as the co-author of the best practices for browser-based apps specification. Philippe is recognized as a Google Developer Expert, acknowledging his contributions to web application and API security. He also organizes SecAppDev, an annual week-long application security course in Belgium.

Workshops

OAuth 2.0 & OpenID Connect Best Practices

OAuth 2.0 and OpenID Connect have become cornerstone technologies for most modern applications. Unfortunately, these technologies are insanely complex to grasp, making it hard to use them securely.

This workshop takes you on a step-by-step journey into the world of OAuth 2.0 and OpenID Connect, teaching you best practices along the way. At the end of this workshop, you will have a solid understanding of do's and don'ts with OAuth 2.0 and OIDC, along with actionable guidelines on securing your applications.

In this training, we will cover the following topics:
- Introduction to OAuth 2.0 and OpenID Connect
- Architecture patterns using OAuth 2.0 and OpenID Connect
- Best practices for securing OAuth 2.0 and OIDC flows
- Understanding OAuth 2.0 security in frontends
- Breaking OAuth 2.0 security in frontends
- Securing OAuth 2.0 with the Backend-For-Frontend pattern
- Using scopes and permissions in OAuth 2.0
- Securing APIs with OAuth 2.0
- Demos and practical examples throughout the day

This workshop is here to give you the skills you need to design architectures using OAuth 2.0 and OpenID Connect, to assess the security of your applications, and to enhance them using the latest best practices. In-depth lectures, real-world demos, fun quizzes, and practical examples will guide you through the complex landscape of OAuth 2.0 and OpenID Connect.

Featured Speakers

Tomasz Ducin

Independent Consultant, Architect, Developer & Trainer, Poland

Dr. Philippe De Ryck

Security Expert, Founder, GDE, Pragmatic Web Security | Belgium

Sylwia Laskowska

Senior JavaScript Developer, Atos | Poland

Eugene Fidelin

Engineering Manager & Frontend SME, eBay | Netherlands

Julien Huang

Nuxt Core Team, Leetchi | France

Jemima Abu

Front End Developer, GDE, Microsoft MVP, CAIS | UK

Nir Kaufman

Tech Lead, Full-stack AI Engineer, GDE, Tikal | Israel

Daria Poliakova

Front-end developer, Conscensia | Poland

Matthew Podwysocki

Staff Engineer, Mapbox | USA

Damian Płaza

Senior Software Engineer / Power Grid Gdańsk R&D Manager, Volue/Bottega IT Minds | Poland

Soumaya Erradi

Senior Software Developer, Atlantis S.R.L. | Italy

Ihor Maistrenko

Angular / .NET Developer / Team Lead, Conscensia | Poland

Manfred Steyer

GDE for Angular, softwarearchitekt.at | Austria

Jakub Andrzejewski

Senior Fullstack Developer & Advocate, GDE, Monterail | Poland

Markus Ingvarsson

Back End Developer, Podme | Sweden

Michał Jawulski

Managing Delivery Architect, Capgemini | Poland

Frizzarin Nicolas

Senior Staff Engineer, GDE, SFEIR | Luxembourg

Önder Ceylan

Principal Engineer, Google Developers Expert, Jumbo Supermarkten | Netherlands

Alain Chautard

GDE, Expert Web Consultant, Trainer, Mentor, Angular Training | France

Michael Egger-Zikes

Trainer & Consultant, AngularArchitects.io | Austria

Alex Okrushko

Senior Software Engineer, Snowflake | Canada

Alexander Thalhammer

Passionate Angular Developer, Angular Architects | Austria

Younes Jaaidi

Software Development Cook, Teacher & Coach, GDE | France

Daniel Sogl

Software-Architekt, Thinktecture AG | Germany

Rainer Hahnekamp

Trainer and Consultant, AngularArchitects.io | Austria

Dariusz Kalbarczyk

Google Developer Expert, Author, Podcaster, NG/JS/AI POLAND | Poland


Companies that support the JavaScript ecosystem
Our Sponsors 2025

By becoming a sponsor of JS Poland, you gain a unique opportunity to showcase your company and products to hundreds of experienced JavaScript developers, engineers, and tech leaders from across Europe. This kind of exposure can boost visibility, strengthen your brand within the JS community, and help you attract top engineering talent. To learn more about our sponsorship opportunities, please fill in the form.
