Completed
Implicit Flow Response
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
OpenID Connect & OAuth 2.0 - Security Best Practices
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Some Context...
- 3 Simplified
- 4 Attack Model (1)
- 5 Implicit Flow Request
- 6 Implicit Flow Response
- 7 No more Password Grant
- 8 Grand Unification
- 9 Machine to Machine
- 10 Client Authentication
- 11 Sender Constrained Access Tokens w/ MTLS
- 12 Interactive Applications
- 13 Redirect URI Validation Attacks
- 14 Credential Leakage via Referrer Headers
- 15 Authorization Code Injection
- 16 Mitigation: Proof key for Code Exchange
- 17 Countermeasures Summary
- 18 Mix Up Attack (Variant 1)
- 19 How does ASP.NET Core prevent Mix Up Attacks?
- 20 Public Clients
- 21 Anti Pattern: Native Login Dialogs
- 22 Using a browser with Code Flow + PKCE
- 23 Different Approaches
- 24 Anti-Forgery Protection
- 25 Refresh Token Storage in Browsers
- 26 What's next?
- 27 JWT Secured Authorization Requests (JAR)
- 28 Pushed Authorization Requests (1)