PAR: Securing the OAuth and OpenID Connect Front-Channel - Dominick Baier - NDC Security 2024

This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity #ndcconferences #security #developer #softwaredeveloper

OAuth flows are initiated through the browser by a party the authorization server has not yet authenticated. To give the user the optimal experience, that initial request has to carry a number of parameters (redirect URI, scope, state, nonce, PKCE challenge and so on), all of them sitting in a URL the browser can see. Manipulating those request parameters has been one of the most common attack vectors against OAuth.

Pushed Authorization Requests (PAR, RFC 9126) is a newer specification in the OAuth protocol family that solves those problems: the client first sends the authorization request parameters directly to the authorization server in an authenticated back-channel request and receives an opaque request_uri in return; the browser is then redirected to the authorization endpoint with only the client_id and that request_uri, so the request parameters are removed from the front-channel URL altogether.
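The exchange described above, as an added example that is not part of the talk or of any OAuth library: an in-process simulation of a PAR endpoint, the authorization endpoint of a server that requires PAR, and the client building the browser URL. The client registration (client_id "spa-client", its secret and redirect URI), the issuer "https://idp.example.com" and the PKCE challenge value are constructed for the example; the request_uri format, the one-time use and the short lifetime follow RFC 9126.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical client registration; identifiers and secret are constructed for this example.
REGISTERED_CLIENTS = {
    "spa-client": {
        "client_secret": "s3cret-value",
        "redirect_uris": {"https://app.example.com/callback"},
    }
}

REQUEST_URI_LIFETIME = 60  # seconds; RFC 9126 recommends a short lifetime
REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"


def _error(code, description):
    """OAuth-style error response body."""
    return {"error": code, "error_description": description}


class PushedRequestStore:
    """Authorization-server side: pushed requests keyed by request_uri."""

    def __init__(self):
        self._entries = {}

    def push(self, client_id, client_secret, params, now=None):
        """PAR endpoint (POST /par). Returns {"request_uri", "expires_in"} or an error body."""
        now = time.time() if now is None else now
        client = REGISTERED_CLIENTS.get(client_id)
        # Client authentication happens here, before any parameter is accepted. A plain
        # front-channel request has no such step: the browser sends it anonymously.
        if client is None or not hmac.compare_digest(client["client_secret"], client_secret):
            return _error("invalid_client", "client authentication failed")
        if params.get("redirect_uri") not in client["redirect_uris"]:
            return _error("invalid_request", "redirect_uri is not registered for this client")
        if params.get("response_type") != "code" or params.get("code_challenge_method") != "S256":
            return _error("invalid_request", "response_type=code with PKCE S256 is required")
        request_uri = REQUEST_URI_PREFIX + secrets.token_urlsafe(32)
        self._entries[request_uri] = {
            "client_id": client_id,
            "params": dict(params),
            "expires_at": now + REQUEST_URI_LIFETIME,
        }
        return {"request_uri": request_uri, "expires_in": REQUEST_URI_LIFETIME}

    def consume(self, client_id, request_uri, now=None):
        """Resolve a request_uri exactly once, and only for the client that pushed it."""
        now = time.time() if now is None else now
        entry = self._entries.pop(request_uri, None)  # one-time use: a replay finds nothing
        if entry is None:
            return _error("invalid_request", "unknown or already used request_uri")
        if now > entry["expires_at"]:
            return _error("invalid_request", "request_uri has expired")
        if entry["client_id"] != client_id:
            return _error("invalid_request", "client_id does not match the pushed request")
        return {"params": entry["params"]}


def classic_authorize_url(issuer, params):
    """Traditional front-channel request: every parameter travels in the browser URL."""
    return f"{issuer}/authorize?{urlencode(params)}"


def par_authorize_url(issuer, client_id, request_uri):
    """PAR front-channel request: only client_id and the opaque request_uri are exposed."""
    return f"{issuer}/authorize?{urlencode({'client_id': client_id, 'request_uri': request_uri})}"


def authorize(store, url, now=None):
    """Authorization endpoint of a server that requires PAR; returns the effective parameters or an error."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    extra = set(query) - {"client_id", "request_uri"}
    if extra or "request_uri" not in query:
        # Bare parameters are rejected, so there is nothing in the URL left to tamper with.
        return _error("invalid_request", "pushed authorization request required")
    return store.consume(query["client_id"], query["request_uri"], now=now)


def demo():
    """Run the exchange end to end with constructed values."""
    issuer = "https://idp.example.com"
    params = {
        "response_type": "code",
        "redirect_uri": "https://app.example.com/callback",
        "scope": "openid profile",
        "state": secrets.token_urlsafe(16),
        "nonce": secrets.token_urlsafe(16),
        "code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",  # constructed S256 value
        "code_challenge_method": "S256",
    }
    store = PushedRequestStore()
    pushed = store.push("spa-client", "s3cret-value", params)  # back channel, authenticated
    url = par_authorize_url(issuer, "spa-client", pushed["request_uri"])  # what the browser sees
    return url, authorize(store, url)


if __name__ == "__main__":
    url, result = demo()
    print("browser is redirected to:", url)
    print("authorization endpoint resolved:", result)
```

Compare the two URL builders: the classic one leaks redirect_uri, scope, state, nonce and the PKCE challenge to anything that can read or rewrite a browser URL, while the PAR one carries nothing an attacker can usefully change, and a PAR-only authorization endpoint refuses bare parameters outright. The redirect_uri check and client authentication happen once, at push time, before the browser is involved.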

Learn how PAR works, why we think it should be the default going forward, and which additional scenarios it enables.