Should We Be on the Lookout for OAuth 3.0?

OAuth.net recently shared details around the ongoing effort to create a next-generation protocol based on years of knowledge and experience with OAuth 2. Find out what this means and how you can get involved.

October 29, 2020

Advanced OAuth and Pitfalls

A deep dive into some advanced OAuth 2.0 processes and pitfalls, like redirect URLs and the STATE property.

November 5, 2020

Understanding the Secrets of OAuth 2.0 with Aaron Parecki

Learn the secrets of building a secure web application by using OAuth 2.0. The framework has already become an industry standard. Aaron Parecki, author of the book "OAuth 2.0 Simplified," guides you through some of the main reasons to use the framework and what it takes to build a secure web server.

October 22, 2020

Introduction to OAuth 2.0 and OpenID Connect

OAuth is a delegation framework that appears on the radar of security professionals and developers more and more every day. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let's say it again, OAuth is not a standard - it's a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit in? How can I use OAuth in a secure fashion? To add more confusion to this topic, OpenID Connect was built on top of OAuth 2.0. OpenID Connect has become an industry-leading standard for user identification. It is used by many of the largest organizations on the web. When implemented properly, OpenID Connect can be a reliable and secure solution for user identification. When implemented improperly, OpenID Connect can leave a gaping hole in your infrastructure that leaks important capabilities to unwanted parties. This talk will provide an introduction to both topics and what their intended use really is.


OAuth Tokens As Your Identity API

You have an OAuth server, now what? In this talk, Jacob will illustrate how OAuth and OpenID Connect can be leveraged to deliver agility and scalability while also ensuring security. Distributed systems bring with them complexities surrounding identity. How should end-user identities be traced and delegated? How can we manage user permissions across groups and in large organizations? Jacob will explore a standards-based approach using protocols like OAuth and OpenID Connect, highlighting patterns for large-scale deployments while keeping things simple. We'll also see how identity is preserved and utilized within complex software delivery networks like Kubernetes.