OpenID Connect & OAuth 2.0 - Security Best Practices

OpenID Connect & OAuth 2.0 - Security Best Practices

NDC Conferences via YouTube Direct link

High Security OAuth

2 of 34

2 of 34

High Security OAuth

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

OpenID Connect & OAuth 2.0 - Security Best Practices

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 High Security OAuth
  3. 3 Some Context...
  4. 4 Relevant Documents
  5. 5 The Big Picture
  6. 6 Simplified
  7. 7 Attack Model (3)
  8. 8 Implicit Flow Request
  9. 9 Implicit Flow Response
  10. 10 No more Password Grant
  11. 11 Original Flows
  12. 12 Grand Unification
  13. 13 Machine to Machine
  14. 14 Client Authentication
  15. 15 Bearer Tokens
  16. 16 Interactive Applications
  17. 17 Redirect URI Validation Attacks
  18. 18 Credential Leakage via Referrer Heade
  19. 19 Authorization Code Injection
  20. 20 Mitigation: Proof key for Code Exchan
  21. 21 Cross Site Request Forgery
  22. 22 Countermeasures Summary
  23. 23 MixUp Attack (Variant 1)
  24. 24 Mix Up Countermeasures
  25. 25 Public Clients
  26. 26 Anti Pattern: Native Login Dialogs
  27. 27 Using a browser with Code Flow + PKG
  28. 28 Different Approaches
  29. 29 Token Storage & Management
  30. 30 Browser-based Applications aka SPA
  31. 31 Same-Site Architecture
  32. 32 Anti-Forgery Protection
  33. 33 Access Token Storage in Browsers
  34. 34 OAuth 2.1

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.