40 min listen
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
ratings:
Length:
37 minutes
Released:
Jun 25, 2024
Format:
Podcast episode
Description
OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable. Segment Resources: https://oauth.net/2.1 https://oauth.net/specs/ https://oauth2simplified.com/ https://oauth.net/2/dpop/ https://oauth.net/2/oauth-best-practice/ https://oauth.net/fapi/ https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API Show Notes: https://securityweekly.com/asw-289
Released:
Jun 25, 2024
Format:
Podcast episode
Titles in the series (100)
Drunken Security News - Episode 344: Want to try to scam John Strand? That might not be the best of ideas. Burp got updated, Rsnake's "joke", opting out to watch porn, 5 Guys Burgers on security and maybe a new way to prevent CSRF. by Security Weekly Podcast Network (Video)