Is redirect flow intrusive? – 2 min. OAuth
Many people dislike “Redirect Flow”, saying that it is intrusive, but that is not correct: it is just bad implementation. In this video, I…
Category: 2 minutes OAuth
The Audience of Tokens – 2 min. OAuth #10
The audience of a token is one of the most important yet often overlooked notions, and one that is causing security breaches. In this episode, you will…
Facebook hack and OAuth User Authentication [2 min OAuth]
In this episode, I used the Facebook hack as the leeway to explain why using an access token to represent a user is a bad idea.
Secret of Authorization Code [OAuth 2 min]
This week, I explained an often untalked-about property of OAuth 2.0.
Where are Sender Constrained Token used in RFC6749?
Hi, Nat Sakimura here. In last week’s episode, I explained what sender constrained tokens are. But you may wonder where these are going…
2 minutes OAuth: Bearer and Sender Constrained Tokens
In episode #1, I explained that OAuth uses metro-ticket-like “tokens” to access a protected resource. These are called bearer tokens as…
[2 minutes OAuth] #1 Basic Concepts
I have started a new YouTube video series to explain the concepts of OAuth 2.0 to non-technical people. The series name is “2 minutes OAuth”.…