Leaving the State: Sessionless (Stateless) Authentication in D8 with Whole Foods Market

Adam Weingarten and Dr J Daverth

Drupal’s authentication process can be expensive and difficult to scale. What do you do when you need to plan for an unknown but large number of authenticated users?

This presentation will show you the approach we took on the new D8-based wholefoodsmarket.com to allow Drupal to work with lots of authenticated users without taking down servers. We'll walk you through how we used an approach called sessionless authentication to avoid database calls and the ways we are storing PII user data outside of Drupal.

What’s Covered?
Why scaling authenticated traffic is hard
What is sessionless auth?
How can you use it to manage a single login to multiple sites, e.g. D7/D8?
Working with an external auth provider (Janrain)
PIIaaS! Storing PII as a Service in an API.
Proxying web-service calls - don’t do it!
How to delegate OAuth tokens so your browsers connect to APIs directly

For Whom?
Enterprise architects looking for ways to build scalable authenticated experiences with Drupal.
Developers looking for authentication approaches that sign you in once but allow you to be authenticated in multiple places.

https://2017.badcamp.net/session/devops-performance-security-privacy/intermediate/leaving-state-sessionless-stateless
