
Identity at the Center #58 - Browser Tracking and the Identity Effects with Vittorio Bertocci
Aug 24, 2020
In this discussion, Vittorio Bertocci, Principal Architect at Auth0 and an authority on identity experiences, shares his journey from computational geometry to identity innovation. He dives into the complexities of browser tracking, including how restrictions disrupt single sign-on flows. Vittorio outlines various tracking methods beyond cookies and addresses the tension between user privacy and advertising needs. He also reflects on the ethical implications of behavioral manipulation and the responsibilities developers face in creating secure identity solutions.
AI Snips
Tracking And Identity Share Browser Primitives
- Browser tracking uses the same browser primitives as identity protocols, creating collisions.
- When browsers block trackers they can inadvertently break single sign-on and background token refreshes.
Prefer Server-Side Flows Over Cookie Reliance
- Avoid flows that depend on cross-site cookies when possible and prefer server-side flows.
- Use authorization code flow with proper refresh-token rotation to reduce reliance on fragile browser state.
Auth Redirects Look Like Trackers
- Link decoration and query-string parameters mimic tracking patterns and get flagged by browsers.
- OpenID Connect redirects can be mistaken for tracking and trigger cookie restrictions.
