Just came across this article: Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X, by The Register. Since the news itself did not explain…
View More On the XARA vulnerability on MacOS X and iOS

Category: OpenID Connect
Apple’s answer to the in-secure use of in-app browser? — iOS 9 introduces SFSafariViewController
Apple forcing developers to use in-app browser instead of spawning Safari has been known as an extremely insecure practice for some time. There are many reasons that…
Making a Javascript OpenID Connect Client in 4 steps
When John, Breno, and I started the OpenID Connect work, one of the targets was to make it as simple as putting two files on…
draft 02 of OpenID 2.0 to Connect Migration is now available
OpenID 2.0 to OpenID Connect Migration (aka OID2 to OIDC Migration) is a spec that allows RPs to associate the old OpenID 2.0 identifiers to…
Covert Redirect is not new but.. A risk analysis and recommendations
So, there has been a flurry of worries induced by the CNET and other articles [1] about “Covert Redirect”. Like Leandro Boffi wrote in his blog…
OpenID Connect is here! – An Identity Layer on the internet
Celebrate! OpenID Connect 1.0 Final is here! After four and a half years, or six years if we include the time needed to start the working…
Guidance on which grant / flow to use for OpenID Connect
Many people seem to ask for guidance on which grant / flow to use in OpenID Connect. Here is my straw-man answer. Conditions /…
Refactoring OpenID Connect Drafts
After the Berlin OpenID AB/C WG F2F meeting, I have been trying to refactor the Connect suites into a more palatable form. I am supposed to…
What to read when you want to build OpenID Connect
OpenID Connect has many components. Sometimes, it seems confusing what to read for a new reader, or worse, intimidating. Here is a flow chart I…
Write an OpenID Connect server in three simple steps
An OpenID Connect server is just an OAuth 2.0 server on steroids. What it does is return the ID Token, which contains information about…