Completed
Bearer Tokens
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
OpenID Connect & OAuth 2.0 - Security Best Practices
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 High Security OAuth
- 3 Some Context...
- 4 Relevant Documents
- 5 The Big Picture
- 6 Simplified
- 7 Attack Model (3)
- 8 Implicit Flow Request
- 9 Implicit Flow Response
- 10 No more Password Grant
- 11 Original Flows
- 12 Grand Unification
- 13 Machine to Machine
- 14 Client Authentication
- 15 Bearer Tokens
- 16 Interactive Applications
- 17 Redirect URI Validation Attacks
- 18 Credential Leakage via Referrer Heade
- 19 Authorization Code Injection
- 20 Mitigation: Proof key for Code Exchan
- 21 Cross Site Request Forgery
- 22 Countermeasures Summary
- 23 MixUp Attack (Variant 1)
- 24 Mix Up Countermeasures
- 25 Public Clients
- 26 Anti Pattern: Native Login Dialogs
- 27 Using a browser with Code Flow + PKG
- 28 Different Approaches
- 29 Token Storage & Management
- 30 Browser-based Applications aka SPA
- 31 Same-Site Architecture
- 32 Anti-Forgery Protection
- 33 Access Token Storage in Browsers
- 34 OAuth 2.1