Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

NDC Conferences

OpenID Connect & OAuth 2.0 - Security Best Practices

NDC Conferences via YouTube

Overview

Explore OAuth 2.0 and OpenID Connect security best practices in this comprehensive NDC Oslo 2020 conference talk. Delve into the evolution of these protocols since their initial publication, examining known implementation weaknesses, anti-patterns, and emerging use cases in high-security environments. Learn about the IETF's Best Current Practices (BCPs) that update original specifications and threat models. Gain insights into topics such as high-security OAuth, attack models, flow modifications, client authentication, bearer tokens, and mitigation strategies for various security vulnerabilities. Discover the latest developments in OAuth 2.1 and understand how to implement robust security measures for API protection and identity management in modern applications.

Syllabus

Intro
High Security OAuth
Some Context...
Relevant Documents
The Big Picture
Simplified
Attack Model (3)
Implicit Flow Request
Implicit Flow Response
No more Password Grant
Original Flows
Grand Unification
Machine to Machine
Client Authentication
Bearer Tokens
Interactive Applications
Redirect URI Validation Attacks
Credential Leakage via Referrer Heade
Authorization Code Injection
Mitigation: Proof key for Code Exchan
Cross Site Request Forgery
Countermeasures Summary
MixUp Attack (Variant 1)
Mix Up Countermeasures
Public Clients
Anti Pattern: Native Login Dialogs
Using a browser with Code Flow + PKG
Different Approaches
Token Storage & Management
Browser-based Applications aka SPA
Same-Site Architecture
Anti-Forgery Protection
Access Token Storage in Browsers
OAuth 2.1

Taught by

NDC Conferences

Reviews

Start your review of OpenID Connect & OAuth 2.0 - Security Best Practices

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.