While any alternative to the cross-service password sharing anti-pattern is goodness, OAuth 2.0 also introduces some insecure flows to accommodate a broad range of use cases and to be as developer-friendly as possible. A previous post explores these assurance issues,… Continue reading
In a previous post, “REST Uneasy: Do we need to Worry about OAuth 2.0?” I raised a question which I’ll now attempt to answer in some detail.
The OAuth 2.0 protocol is designed to improve security in scenarios where,… Continue reading
Reading the IETF OAuth 2.0 authorization API specifications and generally investigating similar social login protocols over the past couple of months has been fascinating. While the journey is far from over, I’ve come far enough to gain perspective on the… Continue reading