OpenID Connect & OAuth 2.0 - Security Best Practices

OpenID Connect & OAuth 2.0 - Security Best Practices

NDC Conferences via YouTube Direct link

No more Password Grant

7 of 28

7 of 28

No more Password Grant

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

OpenID Connect & OAuth 2.0 - Security Best Practices

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Some Context...
  3. 3 Simplified
  4. 4 Attack Model (1)
  5. 5 Implicit Flow Request
  6. 6 Implicit Flow Response
  7. 7 No more Password Grant
  8. 8 Grand Unification
  9. 9 Machine to Machine
  10. 10 Client Authentication
  11. 11 Sender Constrained Access Tokens w/ MTLS
  12. 12 Interactive Applications
  13. 13 Redirect URI Validation Attacks
  14. 14 Credential Leakage via Referrer Headers
  15. 15 Authorization Code Injection
  16. 16 Mitigation: Proof key for Code Exchange
  17. 17 Countermeasures Summary
  18. 18 Mix Up Attack (Variant 1)
  19. 19 How does ASP.NET Core prevent Mix Up Attacks?
  20. 20 Public Clients
  21. 21 Anti Pattern: Native Login Dialogs
  22. 22 Using a browser with Code Flow + PKCE
  23. 23 Different Approaches
  24. 24 Anti-Forgery Protection
  25. 25 Refresh Token Storage in Browsers
  26. 26 What's next?
  27. 27 JWT Secured Authorization Requests (JAR)
  28. 28 Pushed Authorization Requests (1)

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.