Many people dislike “Redirect Flow” saying that it is intrusive, but that is not correct: It is just the bad implementation. In this video, I…View More Is redirect flow intrusive? – 2 min. OAuth
Torsten Lodderstedt’s excellent blog titled “Transaction Authorization or why we need to re-think OAuth scopes” has been floating around for a few weeks. I always…View More Comments back to “Transaction Authorization or why we need to re-think OAuth scopes” by Torsten
The audience of a token is one of the most important yet often overlooked notion that is causing security breaches. In this episode, you will…View More The Audience of Tokens – 2 min. OAuth #10
I will be speaking at Trustech 2018 at 10:35 AM on November 27, during the track “IDENTITY AND PRIVACY: THE FULL PICTURE”. You can find…View More My session at Trustech 2018 (Nov. 27) @ Cannes, France
This week, I have explained often an untalked property of OAuth 2.0.View More Secret of Authorization Code [OAuth 2 min]
Hi, Nat Sakimura here. In the last week’s episode, I have explained what are sender constrained tokens But you may wonder where these are going…View More Where are Sender Constrained Token used in RFC6749?
In the episode #1, I have explained that OAuth uses metro ticket like “tokens” to access a protected resource. These are called bearer tokens as…View More 2 mintues OAuth: Bearer and Sender Constrained Tokens
I have started a new Youtube video series to explain the concepts of OAuth 2.0 to non-technical people. The series name is “2 minutes OAuth”.…View More [2 minutes OAuth] #1 Basic Concepts
It was a fun day as always at #EIC18. No time right now to properly blog about it, so here are some of the tweets related…View More My Slides for May 15 presentation at #EIC18
So, what encoding should a URI in OpenID Connect and OAuth discovery document use for an internationalized domain name such as “müsik.example.com”? . One option is…View More What encoding should a URI in OpenID and OAuth discovery document use for an internationalized domain name (IDN)?