BloomTech’s Downfall: A Long Time Coming

OpenID Connect & OAuth 2.0 - Security Best Practices

OpenID Connect & OAuth 2.0 - Security Best Practices

NDC Conferences via YouTube Direct link

Intro

1 of 26
Next

1 of 26

Intro

Class Central Classrooms beta

YouTube playlists curated by Class Central.

Classroom Contents

OpenID Connect & OAuth 2.0 - Security Best Practices

Automatically move to the next video in the Classroom when playback concludes
  1. 1 Intro
  2. 2 Some Context...
  3. 3 Simplified
  4. 4 Attack Model (3)
  5. 5 Implicit Flow Request
  6. 6 Implicit Flow Response
  7. 7 Grand Unification
  8. 8 Machine to Machine
  9. 9 Client Authentication
  10. 10 Sender Constrained Access Tokens w/ MTLS
  11. 11 Interactive Applications
  12. 12 Redirect URI Validation Attacks
  13. 13 Credential Leakage via Referrer Headers
  14. 14 Authorization Code Injection
  15. 15 Mitigation: Proof key for Code Exchange
  16. 16 Countermeasures Summary
  17. 17 Mix Up Attack (Variant 1)
  18. 18 Mix Up Countermeasures
  19. 19 How does ASP.NET Core prevent Mix Up Attacks?
  20. 20 Anti Pattern: Native Login Dialogs
  21. 21 Using a browser with Code Flow + PKCE
  22. 22 Different Approaches
  23. 23 Browser-based Applications (aka SPAs)
  24. 24 Anti-Forgery Protection
  25. 25 Refresh Token Storage in Browsers
  26. 26 What's next?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.