Understanding Modern Identity: From Login Basics to OIDC and Passkeys

Abstract

Modern authentication has changed dramatically, yet many developers still experience it as a confusing mix of protocols, tokens, and buzzwords. This talk cuts through that confusion with a clear, didactic journey across the three major phases of identity: classic login, OpenID Connect, and passkeys/WebAuthn.

We begin by examining what actually happens during a traditional email-and-password login—how passwords should be stored, how sessions work, and why this model quickly becomes fragile and difficult to scale. From there, we move to OpenID Connect and explore how standardized flows, ID tokens, and federation solve the limitations of home-grown authentication systems. You’ll see how OIDC fits into modern architectures and how to validate tokens correctly with simple, practical PHP examples.

Finally, we look ahead to the emerging world of passkeys and WebAuthn, explaining how public-key credentials eliminate entire classes of attacks and dramatically improve user experience. You’ll learn how passkeys integrate with existing systems and why they represent a fundamental shift in how we think about identity.

By the end, attendees will have a solid mental model that connects these three eras of authentication and understand when—and why—to choose each approach. This talk is ideal for developers seeking clarity, security, and future-proofing in their identity implementations.