OpenID Connect & OAuth 2.0 - Security Best Practices

NDC Conferences via YouTube

Authorization Code Injection

14 of 26

Classroom Contents

  1. Intro
  2. Some Context...
  3. Simplified
  4. Attack Model (3)
  5. Implicit Flow Request
  6. Implicit Flow Response
  7. Grand Unification
  8. Machine to Machine
  9. Client Authentication
  10. Sender Constrained Access Tokens w/ MTLS
  11. Interactive Applications
  12. Redirect URI Validation Attacks
  13. Credential Leakage via Referrer Headers
  14. Authorization Code Injection
  15. Mitigation: Proof Key for Code Exchange
  16. Countermeasures Summary
  17. Mix Up Attack (Variant 1)
  18. Mix Up Countermeasures
  19. How does ASP.NET Core prevent Mix Up Attacks?
  20. Anti Pattern: Native Login Dialogs
  21. Using a browser with Code Flow + PKCE
  22. Different Approaches
  23. Browser-based Applications (aka SPAs)
  24. Anti-Forgery Protection
  25. Refresh Token Storage in Browsers
  26. What's next?
