Security Weekly Podcast Network (Video)

OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289

Jun 25, 2024

37:01

forum

Ask episode

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable.

Segment Resources:

https://oauth.net/2.1
https://oauth.net/specs/
https://oauth2simplified.com/
https://oauth.net/2/dpop/
https://oauth.net/2/oauth-best-practice/
https://oauth.net/fapi/
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API

Show Notes: https://securityweekly.com/asw-289

Home Top podcasts Popular guests Top books