OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289

OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable.

Segment Resources:

• https://oauth.net/2.1
• https://oauth.net/specs/
• https://oauth2simplified.com/
• https://oauth.net/2/dpop/
• https://oauth.net/2/oauth-best-practice/
• https://oauth.net/fapi/
• https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API

Show Notes: https://securityweekly.com/asw-289