PAR: Securing the OAuth and OpenID Connect Front-Channel - Dominick Baier - NDC Security 2024
Description: "Discover how to secure the OAuth and OpenID Connect front-channel with PAR, a simple solution that provides strong security benefits and reduces the attack surface."
- The OAuth and OpenID Connect front-channel (the authorization request carried through the user's browser) is a weak point that needs to be secured.
- Request parameters sent through the front-channel can be manipulated, enabling attacks such as tampering with the redirect URI and exploiting reverse proxies.
- Pushed Authorization Requests (PAR) let the client authenticate and push the authorization request parameters over the back-channel before the authorization request is sent, which makes the parameters much harder to manipulate.
- PAR is a simple spec that is easy to implement but provides strong security benefits; the ratio of added complexity to gained security is good.
- Implementing PAR reduces the attack surface and prevents common attacks such as redirect URI manipulation and reverse-proxy exploitation.
- PAR is not a novel idea: the concept of pushed authorization has been around since 2010, and it is now officially published and implemented by some companies, including Microsoft as part of Azure AD.
- PAR can be used with both OpenID Connect and OAuth, and in browser-based or mobile applications.
- The presentation includes a demo of an OAuth/OpenID Connect client that uses PAR and discusses the benefits and advantages of using it.
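As an added illustration (example code, not from the talk or any real authorization server), a minimal Python model of the two endpoints PAR introduces: a back-channel PAR endpoint that authenticates the client and validates the parameters once, and a front-channel authorize endpoint that accepts only `client_id` and `request_uri` from the browser. The client registration, secret and redirect URI are constructed sample values, and the policy of rejecting extra front-channel parameters is this example's own choice.

```python
import secrets
import time
from urllib.parse import parse_qs

# Constructed sample client registration (assumption, not from the talk).
REGISTERED_CLIENTS = {
    "web-app": {"secret": "s3cret", "redirect_uris": {"https://app.example/cb"}},
}
REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"
_pushed = {}  # request_uri -> (client_id, params, expires_at)

def par_endpoint(client_id, client_secret, params, now=None):
    """Back-channel PAR endpoint: authenticate the client, validate the request
    parameters before any browser is involved, and return an opaque request_uri."""
    now = now or time.time()
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        return 401, {"error": "invalid_client"}
    if "request_uri" in params:  # a pushed request may not itself carry a request_uri
        return 400, {"error": "invalid_request"}
    if params.get("redirect_uri") not in client["redirect_uris"]:
        return 400, {"error": "invalid_request"}  # exact match against registration
    if params.get("client_id") not in (None, client_id):
        return 400, {"error": "invalid_request"}  # body client_id must match the authenticated one
    request_uri = REQUEST_URI_PREFIX + secrets.token_urlsafe(32)
    _pushed[request_uri] = (client_id, dict(params), now + 60)
    return 201, {"request_uri": request_uri, "expires_in": 60}

def authorize_endpoint(query_string, now=None):
    """Front-channel authorize endpoint: the browser supplies only client_id and
    request_uri; every other parameter comes from the stored pushed request."""
    now = now or time.time()
    q = {k: v[0] for k, v in parse_qs(query_string).items()}
    # Anything else on the front channel (e.g. a tampered redirect_uri) is a
    # manipulation attempt; this example rejects it instead of merging it.
    if set(q) - {"client_id", "request_uri"}:
        return 400, {"error": "invalid_request"}
    entry = _pushed.pop(q.get("request_uri", ""), None)  # single use
    if entry is None:
        return 400, {"error": "invalid_request_uri"}
    client_id, params, expires_at = entry
    if now > expires_at or q.get("client_id") != client_id:
        return 400, {"error": "invalid_request"}
    # Success: continue the flow with the parameters the client actually pushed.
    return 302, {"redirect_uri": params["redirect_uri"], "state": params.get("state")}
```

Because the redirect URI was validated against the registration at push time and the browser cannot supply one at all, the redirect-URI tampering the talk describes has nothing left to tamper with.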