JSFoo 2018

On JavaScript and Security

## JSFoo 2018 will be held on 26 and 27 October 2018.

## About the conference:
JSFoo is HasGeek’s annual JavaScript conference. JSFoo is in its eighth edition this year.

The 2018 edition is a single-track event with talks in auditorium 1 at the NIMHANS Convention Centre, and Birds of a Feather (BOF) sessions in the hallway. Meta Refresh, with talks on usability, user experience, design and UI engineering, will be held in auditorium 2 at the NIMHANS Convention Centre.

## Theme: JavaScript and Security

Core talks at JSFoo 2018, held in the mornings, will be based on the theme “JavaScript and Security”. Under this theme, we will cover the following topics:

  1. Security and front-end
  2. Backend, node.js and security
  3. Framework specific security concerns
  4. Authentication
  5. Security audits

Besides the main theme, JSFoo will cover the following topics:

  1. Case studies of Vue.js, GraphQL, ReasonML and other framework/language adoption.
  2. Architecture approaches (and case studies) for engineering web apps.
  3. Latest developments in JavaScript and web ecosystem – the cutting edge.
  4. Best practices: debugging and profiling on the web, testing, measuring performance.
  5. JS off the web – conversational UI, raspberry pi, IoT

We are inviting proposals:

  1. Full talks: 40 mins duration
  2. Crisp talk: 20 mins duration
  3. Hands-on workshops of 3 or 6 hour duration
  4. Birds Of Feather (BOF) sessions of 45-60 mins duration

## Selection process

Proposals will be filtered and shortlisted by an Editorial Panel.

**Make sure to add links to videos / slide decks when submitting proposals. We will not review proposals without detailed outlines or slide decks and preview videos.**

The first filter for every proposal is whether the technology or solution you are referring to is open source or not. If you are referring to a proprietary technology, consider picking up a sponsored session.

The criteria for selecting proposals, in the order of importance, are:

  1. Key insight or takeaway: what can you share with participants that will help them in their work and in thinking about the problem?
  2. Structure of the talk and flow of content: a detailed outline helps us understand the focus of the talk, and the clarity of your thought process.
  3. Ability to communicate succinctly, and how you engage with the audience. You must submit a link to a two-minute preview video explaining what your talk is about and what the key takeaway for the audience is.

No one submits the perfect proposal in the first instance. We therefore encourage you to:

  1. Submit your proposal early so that we have more time to iterate if the proposal has potential.
  2. Write to us at jsfoo.editorial@hasgeek.com if you want to discuss an idea for your proposal and need help or advice on how to structure it.

Our editorial team also helps potential speakers refine their talk ideas and rehearse at least twice before the main conference, to sharpen the insights presented in the talk.

## Passes and honorarium for speakers:
We pay an honorarium of Rs. 3,000 to each speaker and workshop instructor at the end of their talk/workshop. Confirmed speakers and instructors also get a pass to the conference and networking dinner. We do not provide free passes for speakers’ colleagues and spouses.

## Travel grants for outstation speakers:
Travel grants are available for international speakers who have led or worked on projects with large-scale adoption. Travel grants are also available for domestic speakers, without the criteria mentioned for international speakers.
We evaluate each travel grant application on its merits, giving preference to women, people of non-binary gender, and Africans. If you require a grant, request it when you submit your proposal, in the field where you add your location. JSFoo is funded through ticket purchases and sponsorships; travel grant budgets vary.

## Important dates:
JSFoo + Meta Refresh: 26 and 27 October, at the NIMHANS Convention Centre.

For tickets and sponsorships, contact info@hasgeek.com or call +91-7676332020.

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript. Follow JSFoo on Twitter.
Arnav Gupta


Authentication done right: Consuming (and Serving) Oauth2.0

Submitted Feb 2, 2018

Your brand has multiple products on the web. They all need authentication. But obviously, you’d maintain a common authentication and user database.
Also, in this age, you cannot make a login system without Login with [Facebook|Google|Twitter|...]
For the second thing, you need to consume OAuth 2.0 (the industry standard now); for the first thing, you need to make your own OAuth server.
And you want all of this to happen securely (so yeah, little to no frontend JS)

This talk is nothing but my journey of building oneauth
Even before we had a tech team, I knew we’d be building at least 2 very disconnected products, but having a common authentication mechanism. My search for a reference took me to HasGeek’s own Lastuser.
I eventually wrote my own in NodeJS, which uses a lot of open source tools from Auth0 (including the famous Passport.js)

Also we had a lot of users using an older website with user accounts made there. Our new website seamlessly migrates them when they login for the first time on new website.

What we will cover is -

  • Usual local authentication (email + username + password)
  • Best practices (no frontend JS, bcrypt passwords, project structure)
  • Consuming OAuth from Facebook/Twitter/GitHub or others
  • Connecting existing account to social logins
  • Fallback strategies (migrating users silently from old website without showing them)
  • Building your own OAuth 2.0 server
  • Consuming your own OAuth in your clients (Web and/or Mobile)
  • Deduplicating users without breaking loose hell
  • Maintaining state across login logic (returnTo, redirectTo)

Some important theory covered will be -

  • Authentication vs Authorization (without the Aadhaar debate ;P )
  • Authentication via Authorization (OpenID connect)
  • OpenID vs OAuth
  • OAuth 1.0 vs OAuth 2.0
  • Implicit vs Explicit Authorization (serverless vs w/server consumers)
  • Cookies vs Tokens
  • Tokens (Bearer vs JWT: having server-side deauthorization capability)
  • Token Refreshing logic

Our story is a typical startup turning half-baked PoCs and MVPs into production-ready websites.
We didn’t verify emails or even have a unique email address column from the beginning. How we can bake
those in, post facto (without destroying everyone’s accounts), will also feature in my talk.

Speaker bio

Arnav Gupta is the Co-Founder of Coding Blocks, an online + offline software development bootcamp, based out of New Delhi, where he mentors Android and NodeJS students.
He has been tinkering with Android, NodeJS and Electronics since school and has contributions to open source projects like the Android OS (AOSP), Arduino IDE and FOSSASIA Open Event.
Arnav has been a speaker at many national and international conferences including FOSSASIA, DroidCon India, JsFoo, Fragments, MODS, Devfest Russia and OSDConf.


