OpenID Connect & OAuth 2.0 - Security Best Practices

Offered By: NDC Conferences via YouTube

Course Description

Overview

Explore OAuth 2.0 and OpenID Connect security best practices in this comprehensive NDC Oslo 2020 conference talk. Delve into the evolution of these protocols since their initial publication, examining known implementation weaknesses, anti-patterns, and emerging use cases in high-security environments. Learn about the IETF's Best Current Practices (BCPs) that update original specifications and threat models. Gain insights into topics such as high-security OAuth, attack models, flow modifications, client authentication, bearer tokens, and mitigation strategies for various security vulnerabilities. Discover the latest developments in OAuth 2.1 and understand how to implement robust security measures for API protection and identity management in modern applications.

Syllabus

Intro
High Security OAuth
Some Context...
Relevant Documents
The Big Picture
Simplified
Attack Model (3)
Implicit Flow Request
Implicit Flow Response
No more Password Grant
Original Flows
Grand Unification
Machine to Machine
Client Authentication
Bearer Tokens
Interactive Applications
Redirect URI Validation Attacks
Credential Leakage via Referrer Header
Authorization Code Injection
Mitigation: Proof Key for Code Exchange
Cross Site Request Forgery
Countermeasures Summary
MixUp Attack (Variant 1)
Mix Up Countermeasures
Public Clients
Anti Pattern: Native Login Dialogs
Using a browser with Code Flow + PKG
Different Approaches
Token Storage & Management
Browser-based Applications aka SPA
Same-Site Architecture
Anti-Forgery Protection
Access Token Storage in Browsers
OAuth 2.1

Taught by

NDC Conferences