OAuth and Fine-grained Access Control

Phil Windley

OAuth was invented for a very specific purpose: to allow people to control access to resources associated with their accounts, without requiring that they share authentication factors. A primary use case for OAuth is accessing data in an account using an API. Here's a sample receipt of some of my listening history.

Technology Short Take 153

Scott Lowe

I asked a question about Git, Git tags, and releasing versions of a project on Twitter the other day (here’s the tweet), and this article on Git branching was shared with me. I’ve been digging into OIDC/OAuth 2.0 Perhaps you’ll find it useful as well!

Technology Short Take 140

Scott Lowe

The folks at Netskope have a pair of blog posts on GCP OAuth token hijacking in Google Cloud (part 1, part 2). Peter Bourgon speaks out against using build tags for integration tests. Peyton Smith and Mitchell Moser share seven common Microsoft Active Directory misconfigurations that adversaries tend to abuse. Programming.

API Security 101 for Developers: How to Easily Secure Your APIs

ForAllSecure

An attacker can craft a malicious query that includes a script tag with JavaScript code that steals the user's session token, allowing the attacker to impersonate the user and perform actions on their behalf. One common method of authentication and authorization is the use of OAuth 2.0. is an open standard for authorization.

Fixing Web Login

Phil Windley

Most API access is protected by an identity protocol called OAuth. You've used OAuth if you've ever used any kind of social login like Login with Apple, or Google sign-in. Rather, it uses them to authenticate with an authentication server for the API using OAuth.

Identify yourself for MIM - A Screw's Loose

A Screw's Loose

They may choose to do straight authentication against your enterprise id system, could use a certificate to do the same thing, or go with a token provided through oauth or SAML. In this description though, we are looking at MAM, not MIM.

Using OpenID4VC for Credential Exchange

Phil Windley

The OpenID Foundation has defined protocols on top of OAuth 1 for issuing and presenting credentials. Extending OAuth and OIDC to support the issuance and presentation of verifiable credentials provides for richer interactions than merely supporting authentication. Recall that OpenID Connect is based on OAuth.