oauth   15397

OAuth Recommendations for Single-page Apps
Single-page applications (SPAs) are often protected by a homegrown single sign-on (SSO) solution, which may leave them open to security risks. Get Ping Identity’s recommendations and best practices for integrating OAuth and OpenID Connect with SPAs to harden browser-based apps against common threats.
oauth  keycloak 
6 days ago by jonasbehmer
A reverse proxy that provides authentication with Google, GitHub or another provider
OAuth  identity  proxy  nginx 
9 days ago by activescott
Facebook’s OAuth problem - Alex Bilbie
redirect_uri can be not only app’s domain, but facebook.com domain is also allowed. In our exploit we used response_type=token,signed_request&redirect_uri=FB_PATH where FB_PATH was a specially crafted URL to disclose these values..
oauth  security  login 
19 days ago by adamcohenrose
