OpenID Connect & OAuth 2.0 - Security Best Practices
Offered By: NDC Conferences via YouTube
Course Description
Overview
Syllabus
Intro
High Security OAuth
Some Context...
Relevant Documents
The Big Picture
Simplified
Attack Model (3)
Implicit Flow Request
Implicit Flow Response
No more Password Grant
Original Flows
Grand Unification
Machine to Machine
Client Authentication
Bearer Tokens
Interactive Applications
Redirect URI Validation Attacks
Credential Leakage via Referrer Heade
Authorization Code Injection
Mitigation: Proof key for Code Exchan
Cross Site Request Forgery
Countermeasures Summary
MixUp Attack (Variant 1)
Mix Up Countermeasures
Public Clients
Anti Pattern: Native Login Dialogs
Using a browser with Code Flow + PKG
Different Approaches
Token Storage & Management
Browser-based Applications aka SPA
Same-Site Architecture
Anti-Forgery Protection
Access Token Storage in Browsers
OAuth 2.1
Taught by
NDC Conferences
Related Courses
Health Informatics: Data and Interoperability StandardsGeorgia Institute of Technology via edX Fractal Architecture
NDC Conferences via YouTube Strangling the Monolith - Applied Patterns & Practices from the Trenches
NDC Conferences via YouTube Refactoring Is Not Just Clickbait
NDC Conferences via YouTube Amazing Algorithms for Solving Problems in Software
NDC Conferences via YouTube