OAuth 2.1: The Future of API Auth

A talk given by Rob Allen from Nineteen Feet Limited at the 2025 Platform Summit in Stockholm, Sweden. OAuth 2 is the gold standard for authentication in APIs and is currently being updated to version 2.1. In this talk we’ll dive into how it works and what’s different from OAuth 2.0. OAuth 2.1 consolidates and simplifies OAuth 2.0 along with bringing the best practices that have evolved since 2.0’s release into the main standard. I’ll discuss how the Authorization grant type has evolved with PKCE to make it the best for nearly all clients, and also cover the best practices to use today in order to secure your API. By the end of this session, you’ll be well prepared for the future of API security. Call for speakers for Platform Summit 2026 open - apply now: https://nordicapis.com/call-speakers/ Check the Nordic APIs website and blog: https://nordicapis.com/

Join Today
OAuth 2.0 and OpenID Connect (in plain English)
▶︎

OAuth 2.0 and OpenID Connect (in plain English)

Building a Killer API Program That Drives Growth
▶︎

Building a Killer API Program That Drives Growth

In Person: Making AI faster and safer with Docker by Michael Irwin
▶︎

In Person: Making AI faster and safer with Docker by Michael Irwin

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

OAuth 2.1 Explained: The Complete Guide for Developers (Go & Keycloak)
▶︎

OAuth 2.1 Explained: The Complete Guide for Developers (Go & Keycloak)

7 Authentication Concepts Every Developer Should Know
▶︎

7 Authentication Concepts Every Developer Should Know

An Illustrated Guide to OAuth and OpenID Connect
▶︎

An Illustrated Guide to OAuth and OpenID Connect

API Monetization in the AI Era
▶︎

API Monetization in the AI Era

MCP Client OAuth Is Simpler Than You Think
▶︎

MCP Client OAuth Is Simpler Than You Think

#PKCE explained - Proof Key for Code Exchange for #OAuth2 Authz Code Grant | Niko Köbler (@dasniko)
▶︎

#PKCE explained - Proof Key for Code Exchange for #OAuth2 Authz Code Grant | Niko Köbler (@dasniko)

A Decade of Open Policy Agent
▶︎

A Decade of Open Policy Agent

From Data Bridges to Data Breaches: Understanding API Security
▶︎

From Data Bridges to Data Breaches: Understanding API Security

Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker
▶︎

Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker

[Session] Intro to OAuth for MCP Servers with Aaron Parecki, Okta
▶︎

[Session] Intro to OAuth for MCP Servers with Aaron Parecki, Okta

Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan
▶︎

Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan

Beyond the Agent Hype: Why Arazzo and Workflows Matter for Predictable AI
▶︎

Beyond the Agent Hype: Why Arazzo and Workflows Matter for Predictable AI

🚗 BYD : The biggest SCAM of the car industry ?
▶︎

🚗 BYD : The biggest SCAM of the car industry ?

The Insane Genius of a Formula 1 Gearbox
▶︎

The Insane Genius of a Formula 1 Gearbox

OAuth is Broken Without This | Meet PKCE
▶︎

OAuth is Broken Without This | Meet PKCE

Cybersecurity Architecture: Who Are You? Identity and Access Management
▶︎

Cybersecurity Architecture: Who Are You? Identity and Access Management