Dr. Philippe De Ryck

JavaScript Conference 2025 (Warsaw & Online)
Meet Dr. Philippe De Ryck

Breaking and securing OAuth 2.0 in frontends

Everyone agrees that Cross-Site Scripting (XSS) is a real threat to browser-based applications, yet many underestimate its true power. Common practices like using Single Page Applications as OAuth 2.0 clients, with techniques such as refresh token rotation, fail to account for real-world attackers.

This talk will demonstrate two concrete hacks against frontend OAuth 2.0 clients, highlighting the underlying vulnerabilities. We will explore how to address these security shortcomings by introducing structural solutions like the Backend-for-Frontend pattern. By the end of this session, you will be fully up to speed with the latest updates to the "OAuth 2.0 for Browser-based Apps" specification, co-authored by the presenter. You will walk away with a solid understanding of OAuth 2.0 security in frontends and best practices for securing sensitive applications.

Dr. Philippe De Ryck - Security Expert, Founder, GDE, Pragmatic Web Security | Belgium

Philippe De Ryck specializes in making web security accessible to developers and architects, leveraging his Ph.D. from KU Leuven to inform his comprehensive understanding of security challenges. As the founder of Pragmatic Web Security, he provides practical security training and consulting services to organizations worldwide. His online course platform offers a self-paced approach to learning about security. Philippe also actively helps shape OAuth 2.0 best practices as the co-author of the best practices for browser-based apps specification. Philippe is recognized as a Google Developer Expert, acknowledging his contributions to web application and API security. He also organizes SecAppDev, an annual week-long application security course in Belgium.

Workshops

OAuth 2.0 & OpenID Connect Best Practices

OAuth 2.0 and OpenID Connect have become cornerstone technologies for most modern applications. Unfortunately, these technologies are insanely complex to grasp, making it hard to use them securely.

This workshop takes you on a step-by-step journey into the world of OAuth 2.0 and OpenID Connect, teaching you best practices along the way. At the end of this workshop, you will have a solid understanding of do's and don'ts with OAuth 2.0 and OIDC, along with actionable guidelines on securing your applications.

In this training, we will cover the following topics:
- Introduction to OAuth 2.0 and OpenID Connect
- Architecture patterns using OAuth 2.0 and OpenID Connect
- Best practices for securing OAuth 2.0 and OIDC flows
- Understanding OAuth 2.0 security in frontends
- Breaking OAuth 2.0 security in frontends
- Securing OAuth 2.0 with the Backend-For-Frontend pattern
- Using scopes and permissions in OAuth 2.0
- Securing APIs with OAuth 2.0
- Demos and practical examples throughout the day

This workshop is here to give you the skills you need to design architectures using OAuth 2.0 and OpenID Connect, to assess the security of your applications, and to enhance them using the latest best practices. In-depth lectures, real-world demos, fun quizzes, and practical examples will guide you through the complex landscape of OAuth 2.0 and OpenID Connect.
