JAX-RS, OAuth, OpenID Connect (OIDC), Authentication, Authorization and Quarkus

An airhacks.fm conversation with Sergey Beryozkin (@sberyozkin) about:

RPC vs. REST, Paul Sandoz was driving the JAX-RS specification, the scalability of REST, the Tolerant Reader pattern, HATEOAS, Jersey was the reference implementation of JAX-RS, JAX-RS without servlets, the problems with OAuth 1, OAuth 2 fixed OAuth 1 problems, the session fixation problem, OIDC builds on OAuth 2, in OAuth 2 there are no sessions, Confidential OIDC client, OIDC extension, Elytron Security OAuth 2.0, ID tokens vs. access tokens, Opaque access tokens vs. JWT access tokens, the implicit flow, SmallRye JWT extension vs. OIDC extension, the importance of standards, the value of standards, passkeys the NeXT big thing, verifiable credentiats, JSON web proof, mutual TLS support in Quarkus, automatic certificate renewal

Sergey Beryozkin on twitter: @sberyozkin