Software Engineering Radio - the podcast for professional software developers cover image

Episode 376: Justin Richer On API Security with OAuth 2

Software Engineering Radio - the podcast for professional software developers

00:00

How Does Dropbox Prove It's Legitimate?

When OAuth 1 was written, it was assumed that all client applications and all authorization servers would have access to effectively shared secrets. When OAuth 2 at least admitted that not all client applications are able to do that. All of that gets bundled up into this access token, which is what then gets handed back to the client. But the API needs to be able to support that level of granularity.

Transcript
Play full episode

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
 Get the app