Home Conference Sessions Introduction to ...

Introduction to OAuth 2.0 and OpenID Connect

Philippe De Ryck | GOTO Berlin 2018

You need to be signed in to add a collection

OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or an access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - its a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit in? How can I use OAuth in a secure fashion? To add more confusion to this topic, OpenID Connect was build on top of OAuth 2.0. OpenID Connect has become an industry leading standard for user identification. It is used by many of the largest organizations on the web. When implemented properly, OpenID Connect can be a reliable and secure solution for user identification. When implemented improperly, OpenID Connect can leave a gaping whole in your infrastructure that leaks important capabilities to unwanted parties. This talk with provide an introduction to both topics and what their intended use is really for.

Share on:
linkedin facebook
Copied!

Transcript

OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or an access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - its a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit in? How can I use OAuth in a secure fashion?

To add more confusion to this topic, OpenID Connect was build on top of OAuth 2.0. OpenID Connect has become an industry leading standard for user identification. It is used by many of the largest organizations on the web. When implemented properly, OpenID Connect can be a reliable and secure solution for user identification. When implemented improperly, OpenID Connect can leave a gaping whole in your infrastructure that leaks important capabilities to unwanted parties.

This talk with provide an introduction to both topics and what their intended use is really for.

About the speakers

Philippe De Ryck

Philippe De Ryck

Web Security Expert, Founder of Pragmatic Web Security