What I learned from GOTO Berlin 2018

This year’s GOTO Berlin conference was packed with a lot of motivational and interesting topics relating to leadership, mentorship, Serverless, machine learning and big data. I’ll try to condense my learnings in this article while providing a general overview of the talks I attended during the second day of the conference. I’ll add the links to the talks and encourage you to watch them to have a better understanding of the topics.

N26, the company I work for, sponsored GOTO for the second time. This was the perfect opportunity for me to network, chat with customers, and engage with fellow developers and leaders of different sectors and company sizes. Most of them were curious about our work at N26, the way in which we are currently building a bank on the cloud with CI/CD and the challenges we face on a day to day basis.

As a disclaimer, I’m a Senior software engineer, recently transitioning into a technical leadership role, so most of the talks I attended were either related to big data, leadership or backend services.

Keynote: Teaching kids to code for 10 years

This was without a doubt one of my favorite talks. Lynn Langit and Jessica Ellis presented their experience report on teaching kids computational thinking for the last decade. They started working on this initiative due to the serious underrepresentation of women in the tech industry. This led to their decision to start teaching programing at an early age. Since then, they have trained numerous teachers and students all around the world.

Photo courtesy of GOTO Berlin 2018

As you can imagine, keeping children engaged and motivated is a challenging task. They wanted to have something that kids could play around with an immediate visual response. To do so, they developed a courseware for the teaching process, which is an adaptation of Logo written on Java. This library lets you draw objects by moving around the tortoise using commands.

The course is split into recipes which teach computational thinking skills. recipes are a set of instructions written in english, which should be translated into code, once the student is done, s(he) can get an immediate visual validation on the task.

They are looking for volunteers to help them expand the courseware further, so feel free to contribute on their github repository.

Personal and professional career panel

Multiple CTOs and VPs of engineering from multiple kinds of startups and established tech companies discuss about management, career development, leadership, motivation and diversity. What I found interesting was the different kind of managements styles and experience between the speakers. you can find bellow the sentences that stuck with me afterwards:

  • Try to practice radical honesty towards yourself and towards others.
  • It’s ok to be afraid to try something, failure is part of the learning path.
  • Appreciation is a second salary, make sure you give it.
  • Not everybody is manager material, some people would be amazing experts in their specifics fields instead of managers.
  • You should not rush into a manager position just because it’s the next step of the ladder.
  • Career should be defined more by results than by promotions.
  • Career is not how many people you are managing but what your impact is in the organization.
  • Talent is distributed equally but opportunities are not, you need to fight to keep yourself from unconscious biases.
  • Women are measured by results, men are measured by their potential.
  • Don’t worry about career path, find your own way to happiness and fulfillment.
Sara-Lena Eisermann, Chris Philipps, Füsun Wehrmann, Peter Grosskopf and Rino Montiel. Photo courtesy of GOTO Berlin 2018

Introduction to OAuth2 and OpenID Connect

Philippe De Ryck, founder of Pragmatic Web Security, talks about access delegation standards. OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control. e.g. Alex has a twitter account and wants to use a twitter management app. This third party app will need to act on behalf of Alex to post and read tweets from his/her behalf. Twitter will need to negotiate access with the third party application and ask Alex to grant access to his/her resources.

Photo courtesy of GOTO Berlin 2018

In order to achieve this, there are two processes that need to happen. First, the user needs to grant access to the third party application- this is denominated “grant flow”. Once the user has granted access, the third party application will try to access the resources using the “access flow”.

Bellow you can find the different grant flows:

Client credentials

  • Direct access by the client application — via access token
  • Obtained using client credentials

Authorization code

  • Delegated access to a backend application — via access token
  • Obtained by exchanging code with client credentials — refresh token can be used with client credentials


  • Delegated access to a frontend application — via access token
  • Directly obtained through the redirect — not supposed to have access to refresh tokens

Once an application has been granted access to a resource, the authorization server will issue a token, which can be of two kinds: Reference tokens and Self contained tokens. Reference tokens are just a reference to the grants, the resource server can use this token to validate the operations that needs to be performed against the authentication server. Self contained tokens, on the other hand, work on their own, all the required metadata to authorize the request is already embedded on the tokens. You can find below a list of pros and cons to both approaches.



  • Contains everything to make the authorization decision
  • More flexible
  • Remove dependency on the authorization server
  • Short lifetime


  • Lack of control: once they are issued, you can’t invalidate them

Reference tokens


  • Just a reference to the actual authorization metadata
  • Centralized control.
  • Revocation on demand


  • Authorization server can become a bottleneck
  • Requires storage and maintenance of all the tokens

This talk covered as well OpenID Connect, which is built on top of OAuth2 and try to tackle the following questions:

  1. Was the user actually present during the grant operation?
  2. How to get access to the user’s information?

I encourage you to check out the full presentation here.

The Future of Modern Application Development

Chris Munns, Principal Developer Advocate for Serverless at Amazon Web Services, talks about their predictions for application development base on technology trends they see getting adopted by customer on the famous cloud platform AWS. For me, it was a huge to-do list for topics to read about.

Photo courtesy of GOTO Berlin 2018

Customer Facing:

Reactive web interfaces

  • Angularjs, React, vue

Progressive web applications

  • Merge web and native applications for both mobile and desktop users
  • Good example of it is Starbucks, with the biggest mobile payment app in the world.

UIs evolve to voice

  • Currently 10% of the search are done via voice
  • For 2020 over 200 billion searches per month will be done with voice
  • Integrate intelligent assistance such as ‘Alexa’ or ‘Google Home’ with multiple devices and applications

Backend Applications:


  • Decouple services
  • Let product teams focus on business value
  • Provides a tool box: Deployment tools, CI/CD, Monitoring, Logging, apm, Security, Auto-scaling and High availability.


  • GraphQL is to the API, what SQL is to the database.
  • With one single query you can build up all the require information for clients.
  • Really powerful to replace ‘backend for frontends’.
  • Efficient data delivery
  • Self documented

What about the party?

Because not everything can be learning and hard working, we took some time to celebrate at GOTO Berlin. One of the most interesting things I saw was the mind balls: a game in which a brain sensor is strapped to your head and two participants need to move a ball across the field to win the game. The more concentrated you are, the faster the ball move to the opponent’s place.

photo courtesy of GOTO Berlin 2018

All in all, it was tons of fun.

PS: yes, they are what you think, insects.

Interested in joining one of our teams as we grow?

If you’d like to join us on the journey of building the mobile bank the world loves to use, have a look at some of the Tech roles we’re looking for here.

Follow us on LinkedIn and Twitter to keep updated and in touch with us!