Software Engineering Radio - the podcast for professional software developers

Episode 526: Brian Campbell on Proof of Possession Defenses


Proof of Possession in OAuth

In OAuth and other areas, there are attempts to bind the issued tokens to a key. The idea then being that there's something in the token then that says, I'm more than a bearer token. In order to accept me as good enough, you also have to ensure that whoever's showing up with me proves possession of this associated key. And what that does is prevent the token from being used by someone who does not possess the key. But it turns out that it's pretty difficult to do reliably.
