2 minutes OAuth: #1 Basic Concepts

I have started a new YouTube video series to explain the concepts of OAuth 2.0 to non-technical people. The series name is “2 minutes OAuth”. As the name suggests, each video will be around two minutes long and will explain one concept at a time.

Episode #1 explains how OAuth works by using the metro as an example.

You might think:

Wait a moment. Is the protected resource the train or the gate?

That is a fair question to ask. In fact, it points to one of the shortcomings of OAuth: it does not distinguish between the Policy Enforcement Point and the resource itself. These will be explained later in the series.

For now, the topics I have in mind for the series are:

  1. Basic concepts
  2. Bearer and Sender constrained tokens
  3. Different Endpoints in OAuth
    1. Authorization Request and Response
    2. Token Request and Response
  4. Confidential and public clients
  5. Access tokens and Refresh tokens
  6. Proof Key for Code Exchange (PKCE)
  7. Implicit flow and code flow
  8. Integrity protected authorization response
  9. JWS Authorization Request (JAR)
  10. PAP, PDP, PEP
  11. (… continues)

I might combine some of them, or split one subject into multiple sub-subjects. That is yet to be seen.

To get updates, you can subscribe to my YouTube channel here.

I hope you will enjoy it.

What encoding should a URI in OpenID and OAuth discovery document use for an internationalized domain name (IDN)?

So, what encoding should a URI in an OpenID Connect or OAuth discovery document use for an internationalized domain name such as “müsik.example.com”? One option is to represent it in the encoding of the discovery document. As of January 2018, it MUST be UTF-8. Another option is to represent it in …

Blockchain Use cases and Identity

I just came across Don Tapscott’s TED Talk titled “How the blockchain is changing money and business”. In it, he talks about 5 potential use cases of blockchain technology that may result in transformations for a prosperous world. They are: Protecting rights through immutable records, e.g., land title. In many places …

Attack Vectors on Modern Cars – Side Effects of Automotive Digitalization

The keynote presentation at #EIC17 by Stephan Gerhager was an intriguing one. It amply told us that the security model around cars is really scary. I do not feel good driving a connected car after hearing it. It is a pity that neither the video nor the presentation is available, but here …