Is redirect flow intrusive? – 2 min. OAuth
Many people dislike the “Redirect Flow”, saying that it is intrusive, but that is not correct: the problem is just bad implementation. In this video, I…

The Audience of Tokens – 2 min. OAuth #10
The audience of a token is one of the most important yet often overlooked notions, and overlooking it is causing security breaches. In this episode, you will…

Facebook hack and OAuth User Authentication [2 min OAuth]
In this episode, I used the Facebook hack as the leeway to explain why using an access token to represent a user is a bad idea.

Secret of Authorization Code [OAuth 2 min]
This week, I explained an often untalked-about property of OAuth 2.0.

Where are Sender Constrained Tokens used in RFC6749?
Hi, Nat Sakimura here. In last week’s episode, I explained what sender constrained tokens are. But you may wonder where these are going…

2 minutes OAuth: Bearer and Sender Constrained Tokens
In episode #1, I explained that OAuth uses metro-ticket-like “tokens” to access a protected resource. These are called bearer tokens as…

[2 minutes OAuth] #1 Basic Concepts
I have started a new YouTube video series to explain the concepts of OAuth 2.0 to non-technical people. The series name is “2 minutes OAuth”.…