OAUTH 2.1 explained simply (even if you are not a developer) ! by Julien Topçu

Security

Explore OAuth 2.1 explained in a clear and simple manner, without requiring extensive technical knowledge. Discover how this authorization standard safeguards user data and communication.

Key takeaways
  • OAuth is a standard protocol for authorization, helping users receive data without sharing passwords.
  • The authorization code is not sufficient for fetching contacts, and Facebook has access to your contacts.
  • The issue of code sharing occurs when the security manager (Gustave) gives the booking reference number to the hotel.
  • Code challenge and code challenge method can be disclosed and are not safe.
  • Front channel is vulnerable to interception, and back channel is necessary for secure communication.
  • Authorization code flow with PKCE is a secure method of authentication.
  • OAuth 2.1 includes the code verifier, which ensures secure communication.
  • The authorization server (Gustave) maintains a registry of trusted contact addresses and clients.
  • OAuth is designed to prevent the impression problem, where an imposter steals the authorization code.
  • The Implicit Flow in OAuth 2 is broken and can lead to security issues.

More talks

Alex Oskotsky, Bill Donelly & Johnathan Constance - The impact of AI on DevSecOps organizations

How To Get Your Website Into the Cloud (Extended Session) - Kerim Satirli

EH21 - CI-Bus, NDA, Oweh !, ein tiefer Einblick in den Caravan LIN Bus

Process Injection: Breaking All macOS Security Layers With a Single Vulnerability

Running open large language models in production with Ollama and serverless GPUs by Wietse Venema

37C3 - Unlocking the Road Ahead: Automotive Digital Forensics

Shifting from Syntax to Secure Software Development Processes • Laura Bell Main • YOW! 2023

Devoxx Greece 2024 - Going AOT: Everything you need to know about GraalVM for Java applications