auth   5027

How to log out when using JWT

The wander of JSON Web Tokens

JSON Web Tokens (J...
17 hours ago by lsrgt
paseto/docs at master · paragonie/paseto · GitHub
The version is a string that represents the current version of the protocol. Currently, two versions are specified, which each possess their own ciphersuites. Accepted values: v1, v2. The purpose is a short string describing the purpose of the token. Accepted values: local, public. via Pocket
IFTTT  Pocket  auth 
yesterday by rjp
sethvargo/vault-kubernetes-authenticator: An app and container for authenticating services to @HashiCorp Vault's via the Kubernetes auth method
GitHub is where people build software. More than 28 million people use GitHub to discover, fork, and contribute to over 85 million projects.
golang  vault  kubernetes  auth 
5 days ago by geetarista
A Comprehensive Formal Security Analysis of OAuth 2.0
The OAuth 2.0 protocol is one of the most widely deployed authorization/single sign-on (SSO) protocols
and also serves as the foundation for the new SSO standard OpenID Connect. Despite the popularity
of OAuth, so far analysis efforts were mostly targeted at finding bugs in specific implementations and
were based on formal models which abstract from many web features or did not provide a formal treatment
at all.
In this paper, we carry out the first extensive formal analysis of the OAuth 2.0 standard in an expressive
web model. Our analysis aims at establishing strong authorization, authentication, and session
integrity guarantees, for which we provide formal definitions. In our formal analysis, all four OAuth
grant types (authorization code grant, implicit grant, resource owner password credentials grant, and
the client credentials grant) are covered. They may even run simultaneously in the same and different
relying parties and identity providers, where malicious relying parties, identity providers, and browsers
are considered as well. Our modeling and analysis of the OAuth 2.0 standard assumes that security
recommendations and best practices are followed in order to avoid obvious and known attacks.
When proving the security of OAuth in our model, we discovered four attacks which break the security
of OAuth. The vulnerabilities can be exploited in practice and are present also in OpenID Connect.
We propose fixes for the identified vulnerabilities, and then, for the first time, actually prove the
security of OAuth in an expressive web model. In particular, we show that the fixed version of OAuth
(with security recommendations and best practices in place) provides the authorization, authentication,
and session integrity properties we specify.
security  auth 
10 days ago by mikecb
PHP OpenID Connect Basic Client
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow. This library hopes to encourage OpenID Connect use by making it simple enough for a developer with little knowledge of the OpenID Connect protocol to set up authentication.
php  webdev  auth  oidc 
12 days ago by bartjohnston
Grav Login Plugin
The login plugin for Grav adds login, basic ACL, and session wide messages to Grav. It is designed to provide a way to secure front-end and admin content throughout Grav.
webdev  cms  plugin  auth 
12 days ago by bartjohnston
Set up 2FA (Two Factor Authentication) for PayPal with Google Authenticator (or other TOTP client)
You’d be forgiven for thinking PayPal didn’t support 2FA, let alone TOTP, as they make it difficult to find and set up. First, log in to PayPal normally. Then, go to…
paypal  2fa  auth  totp  authentication 
14 days ago by lgarron