Is redirect flow intrusive? – 2 min. OAuth
Many people dislike “Redirect Flow”, saying that it is intrusive, but that is not correct: it is just bad implementation. In this video, I…
Category: OAuth
Comments back to “Transaction Authorization or why we need to re-think OAuth scopes” by Torsten
Torsten Lodderstedt’s excellent blog titled “Transaction Authorization or why we need to re-think OAuth scopes” has been floating around for a few weeks. I always…
The Audience of Tokens – 2 min. OAuth #10
The audience of a token is one of the most important yet often overlooked notions, one that is causing security breaches. In this episode, you will…
My session at Trustech 2018 (Nov. 27) @ Cannes, France
I will be speaking at Trustech 2018 at 10:35 AM on November 27, during the track “IDENTITY AND PRIVACY: THE FULL PICTURE”. You can find…
Secret of Authorization Code [OAuth 2 min]
This week, I have explained an often undiscussed property of OAuth 2.0.
Where are Sender Constrained Tokens used in RFC6749?
Hi, Nat Sakimura here. In last week’s episode, I explained what sender constrained tokens are. But you may wonder where these are going…
2 minutes OAuth: Bearer and Sender Constrained Tokens
In episode #1, I explained that OAuth uses metro-ticket-like “tokens” to access a protected resource. These are called bearer tokens as…
[2 minutes OAuth] #1 Basic Concepts
I have started a new YouTube video series to explain the concepts of OAuth 2.0 to non-technical people. The series name is “2 minutes OAuth”.…
My Slides for May 15 presentation at #EIC18
It was a fun day as always at #EIC18. No time right now to properly blog about it, so here are some of the tweets related…
What encoding should a URI in OpenID and OAuth discovery document use for an internationalized domain name (IDN)?
So, what encoding should a URI in an OpenID Connect and OAuth discovery document use for an internationalized domain name such as “müsik.example.com”? One option is…