Full episode and show notes

OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication – Aaron Parecki – ASW #289

OAuth 2.0 is more than just a single spec and it’s used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it’s not even always inter-operable. Segment Resources: https://oauth.net/2.1 https://oauth.net/specs/ https://oauth2simplified.com/ https://oauth.net/2/dpop/ https://oauth.net/2/oauth-best-practice/ https://oauth.net/fapi/ https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API

Full Segment Notes

OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable.

Segment Resources:

Guest

Aaron Parecki is an Identity Standards Architect at Okta with over 15 years of experience in the industry. He is active in multiple standards development organizations (SDOs), including IETF, OpenID Foundation, and W3C. He is the editor of OAuth 2.1 along with several other OAuth specifications, and co-chairs the SCIM working group at IETF. He has taught the fundamentals of OAuth and online security to thousands of developers worldwide through his book OAuth 2.0 Simplified as well as video courses and live online trainings.

Announcements

  • We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Segments

Related Content

You can skip this ad in 5 seconds