OAuth - When Things Go Wrong

Explore common security threats and protective measures when building microservices using OAuth in this informative conference talk. Delve into high-profile API security breaches related to OAuth, examining implementation patterns for mobile apps, browser-based apps, and web server apps. Learn about the latest best practices in OAuth security being developed by the IETF OAuth working group. Discover insights on stolen access tokens, JSON Web Tokens, phishing emails, and OAuth prompts from various popular services. Gain valuable knowledge on identifying services and educating users to enhance overall security in OAuth implementations.

Introduction
Context
Things that can go wrong
Twitter
The moral of the story
Pixie
What pixie does
Slow diagram
Stolen access tokens
Facebook security update
The 3 bugs
How did this happen
How do you fix this
Not giving complete trust
JWT
What happened
JSON Web Token
Moral of the Story
Phishing Email
OAuth Prompt
Google OAuth Consent
Wonderlist OAuth Consent
Flickr OAuth Consent
Spotify OAuth Consent
GitHub OAuth Consent
Facebook OAuth Consent
Prototype OAuth
Identify the service
Educate users