What's New With OAuth and OIDC?

In this talk you'll learn about the latest developments with the #OAuth and #OIDC specs directly from the standards group. The latest additions to the specs enable richer experiences and better security for applications using OAuth.

TIMESTAMPS
0:00 Intro
0:11 The standards groups
3:31 IETF spec lifecycle
4:59 Mutual TLS
6:43 Resource Indicators
8:20 OAuth 2.0 Security Best Current Practice
17:47 OAuth for Browser-Based Apps
19:52 JWT Profile for Access Tokens
20:39 Rich Authorization Requests (RAR)
22:22 Pushed Authorization Requests (PAR)
23:49 JWT Authorization Requests (JAR)
25:34 OAuth 2.1
29:12 OAuth 3 / TXAuth

Read more at:

Comments

Wow, that's some really cool stuff coming when seen from a security perspective. You have set a benchmark for security and you will continue to set benchmarks in the years ahead. Great going, guys.

RahulSoshte

Fantastic video and explanation, Aaron. Thank you so much! It's nice they are cleaning up OAuth with 2.1. All devs should watch this video.

rjk

Thanks for sharing this knowledge.
I found it very clear and useful. I am doing some work as an IAM architect and the path is not always clear.

santiagocavanna

Great video as usual. Is there any platform where one can raise OIDC specification questions to Okta developers? Thanks

gobindrawat

Is it possible, from within a microservice architecture that uses event sourcing, event streaming and CQRS, to return the response to the client from a different service? I know we have redirects at the moment, but that is HTTP-blocking by nature, which is not wanted behaviour. And obviously two services can't share the same HttpContext.

jwbonnett

Does this mean all native mobile apps are being prescribed to use a browser component to perform authentication, or are there still possibilities to 'natively' implement authentication? What's the security thinking for the latter now that ROPC is being dropped?

tanmimam

Maybe I'm not bright enough, but...
As a developer I don't even need your RFCs or "best practices". I need official interfaces and an official unit test suite. The interfaces and tests can be in any language as a start. They will be rewritten in other languages by enthusiasts anyway.
So, my OAuth2 implementation is finished when it passes the official unit test suite. I don't even need to think about whether my implementation is correct or not. Pretty simple.

yuriybelenko