Milan Starčević

Principal Consultant
Zuhlke Engineering


Get to know OAuth intimately


I am a Principal Consultant, Architect and Software Developer with over 10 years of professional experience in various industries. Together with my teams, I created software for insurance, banking, telecom, transport & logistics, aviation, industrial production, medical and consumer industries.

I believe in cross-cultural and interdisciplinary collaboration and have worked in distributed teams worldwide. Projects ranged from discoveries and prototypes with a focused team, to scaled enterprise projects with multiple teams using SAFe and lasting many years in all phases of maturity.

My professional areas are architecture, web development, cybersecurity, team leadership and teaching.


OAuth2 and OpenID Connect are omnipresent in today’s systems. Yet how many developers have read the RFC documents defining these protocols and their corollary specifications, like RFC 7519 which defines JWT? Well, who has the time!

That’s why I did this for you and want to give you an understanding of how these various concepts build on top of each other and explain things like Scopes vs Claims, JWT vs Bearer or SSO vs OIDC. We’ll also answer how to select the correct OIDC Flow and what the common pitfalls are when using libraries to implement OpenID Connect.

See you at Heapcon.