Protecting your users' data with just a username and password is no longer satisfactory. Two-factor authentication (2FA) is the primary method of countering the effects of stolen passwords and is easy to implement in your web application. In this session we will discuss what two-factor authentication is, how it works and the challenges associated with it. We will then look at how to integrate two-factor authentication into your PHP application's login workflow. We'll consider both YubiKey and Google Authenticator implementations, so you can make your users' accounts more secure.
OAuth 2 is the gold standard for authentication in APIs and in this talk I took a deep dive into how it works and how to implement an OAuth 2 server in your API.
OAuth 2 is the gold standard for authentication in APIs and in this talk we’ll take a deep dive into how it works and how to implement an OAuth 2 server in your API. There are a number of workflows in OAuth 2 for different scenarios including mobile apps and websites connecting via JavaScript, so I will discuss each one and show you how to implement it. We’ll also look at how to use JWT which can provide performance improvements. By the end, you’ll be well equipped to add OAuth 2 to your API.
DDD for beginners
Presented at CodeMash, January 2017
Domain Driven Design focusses on modelling the domain logic. This talk looks at the components of the model layer of your web application and the options you have. How are you supposed to organise your models in an MVC application? What goes where? What is a service class, a mapper or an entity? We'll discuss the terminology and take a look at what Domain Driven Design is and see how you use a service layer to provide the business logic for your application and hide your persistence code from your controllers. By the end of this session you will be equipped to create excellent, maintainable models in your projects.
Building line-of-business web applications for clients with traditional IT departments brings its own set of challenges when it comes to DevOps. In particular, the IT department adds additional constraints that you may not see in more forward-thinking companies. Rob Allen explores these complexities and shares some solutions he and his team came up with in order to use modern development practices in nontraditional environments. You’ll learn how CI tools with appropriate scripting enable reliable delivery of a quality product on IBM i and Windows. Rob also covers the organizational and technical challenges encountered when IT departments are not used to developers having a say in the server environment and shows you why it’s worth spending time getting them on board.
Apple has open sourced Swift, their new programming language, so you can now use it on Linux servers. Swift's static typing, concise syntax and speed make it a good language for all types of server-side software including APIs. In this session you'll learn how to build an API in Swift 3. We'll cover the key concepts around HTTP request-response resource APIs, including accepting and generating the correct content type, routing, authentication and also returning errors appropriately.
Designing the M in MVC
Presented at Software Architecture, October 2016
We all know that the M in MVC stands for model, but what does that actually mean? Domain-driven design helps us map our software to the business requirements of our clients, but it can be quite hard to understand. In this talk I explored the fundamentals of Domain Driven Design and showed how to apply it to the design and implementation of the business logic of your application.
Everyone is writing APIs from micro-services through to full applications, but what makes a good one? In this session we’ll go back to the basics and look at what I consider to be five of the more important architectural features that you should think about when creating an API. These are the features that ensure that your API plays well with HTTP and, more importantly, make your API a delight to maintain and work with. I want you to ensure that your API is a good HTTP citizen, while also providing developer-friendly features like thoughtful error handling and documentation.