Episode 376: Justin Richer On API Security with OAuth 2
Software Engineering Radio - the podcast for professional software developers
00:00
What's the Drawback of OAuth 2?
Jotz is a set of profiles for OAuth 2, OpenID Connect and User-Managed Access (UMA) that are specific to the healthcare world. JWTs contain their own state, which means that a JWT is going to tell you if that JWT is still valid. There's no way to revoke a JWT once it's in flight because nobody will be doing any checks on that. A protocol called OAuth token introspection can go back to the authorization server and say "Hey, one, it can authenticate itself"
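To make the distinction concrete, here is an added Python example (not from the episode or its guest): a resource server first checks a JWT's self-contained signature and expiry, which cannot reveal revocation, then asks a constructed stand-in for an RFC 7662 token introspection endpoint, which can. The HS256 key, claims and revocation set are constructed assumptions for the demo.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"constructed-demo-hmac-key"  # constructed: the AS's HS256 signing key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_jwt(claims: dict, key: bytes = SECRET) -> str:
    """Constructed issuer: builds a compact HS256 JWT for the demo."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_jwt_locally(token: str, key: bytes = SECRET, now=None) -> Optional[dict]:
    """Self-contained check: signature and expiry only. Revocation is invisible here."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    claims = json.loads(b64url_decode(payload))
    if claims.get("exp", 0) <= now:
        return None
    return claims

# Constructed stand-in for the authorization server's revocation list and its
# introspection endpoint (in practice an authenticated HTTPS POST from the RS).
REVOKED_JTI = set()

def introspect(token: str, now=None) -> dict:
    claims = verify_jwt_locally(token, now=now)
    if claims is None or claims.get("jti") in REVOKED_JTI:
        return {"active": False}
    return {"active": True, **claims}

def resource_server_accepts(token: str, now=None) -> bool:
    """Local JWT check first, then introspection so in-flight revocation is honoured."""
    if verify_jwt_locally(token, now=now) is None:
        return False
    return introspect(token, now=now)["active"]
```

The trade-off the episode raises is visible here: the local check costs nothing but cannot notice revocation, while the introspection call adds a round trip to the authorization server on every request.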