5min chapter

Software Engineering Radio - the podcast for professional software developers cover image

Episode 526: Brian Campbell on Proof of Possession Defenses

Software Engineering Radio - the podcast for professional software developers

CHAPTER

Proof of Possession in OAuth

In OAuth and other areas, there are attempts to bind the issued tokens to a key. The idea then being that there's something in the token then that says, I'm more than a bear token. In order to accept me as good enough, you also have to ensure that whoever's showing up with me proves possession of this associated key. And what that does is prevent the token from being used by someone who does not possess the key. But it turns out that it's pretty difficult to do reliably.

00:00

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode