OAuth 2.1 explained simply (even if you are not a developer)! by Julien Topçu

Explore OAuth 2.1 explained in a clear and simple manner, without requiring extensive technical knowledge. Discover how this authorization standard safeguards user data and communication.

Key takeaways
  • OAuth is a standard protocol for authorization, helping users receive data without sharing passwords.
  • The authorization code by itself is not sufficient for fetching contacts; Facebook is the party that actually holds your contacts.
  • The issue of code sharing occurs when the security manager (Gustave) gives the booking reference number to the hotel.
  • The code challenge and the code challenge method may be disclosed; on their own they are not secret and offer no protection.
  • Front channel is vulnerable to interception, and back channel is necessary for secure communication.
  • Authorization code flow with PKCE is a secure method of authentication.
  • OAuth 2.1 includes the code verifier, which ensures secure communication.
  • The authorization server (Gustave) maintains a registry of trusted contact addresses and clients.
  • OAuth is designed to prevent the impersonation problem, where an imposter steals the authorization code.
  • The Implicit Flow in OAuth 2 is broken and can lead to security issues.
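The takeaways above describe the PKCE part of the authorization code flow: a code verifier kept by the client, a public code challenge sent on the front channel, and a single-use code that "Gustave" (the authorization server) will only exchange on the back channel when the verifier matches. The following is an added example, not code from the talk or from any OAuth library; the client id `hotel-app`, its redirect URI and the toy server are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

def make_code_verifier(nbytes: int = 32) -> str:
    # 32 random bytes encode to 43 unreserved characters, the RFC 7636 minimum length.
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")

def make_code_challenge(verifier: str) -> str:
    # S256 method: base64url(SHA-256(verifier)) without padding. It is public by design:
    # seeing it on the front channel does not let anyone recover the verifier.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class AuthorizationServer:
    """Toy 'Gustave': keeps a registry of trusted redirect URIs and binds each
    issued code to the client and code_challenge it was requested with."""

    def __init__(self):
        # Assumed client registry (constructed for this example).
        self.registry = {"hotel-app": "https://hotel.example/callback"}
        self.pending = {}  # code -> (client_id, code_challenge)

    def authorize(self, client_id, redirect_uri, code_challenge, method):
        # Front channel: only hand a code to a registered redirect URI, and only with S256.
        if self.registry.get(client_id) != redirect_uri or method != "S256":
            return None
        code = secrets.token_urlsafe(24)
        self.pending[code] = (client_id, code_challenge)
        return code

    def token(self, client_id, code, code_verifier):
        # Back channel: the code is single-use; any attempt, valid or not, consumes it.
        entry = self.pending.pop(code, None)
        if entry is None or code_verifier is None:
            return None
        owner, challenge = entry
        if owner != client_id:
            return None
        # Constant-time comparison of the recomputed challenge with the stored one:
        # an imposter holding only the stolen code (and the public challenge) cannot pass this.
        if not hmac.compare_digest(make_code_challenge(code_verifier), challenge):
            return None
        return "access-token-" + secrets.token_hex(8)
```

A stolen code is useless without the verifier, and a replayed code is rejected because the first exchange consumed it.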