Mika’il – WindowsTechs.com

Tunelling an Authenticated User Across Microservices Securely

Posted on December 20, 2018 by Mika'il

On a platform which follows the OAuth 2.0 framework, what is a secure way to pass a user from one microservice to another on the same platform without having to authenticate the user again?

Detailed Context

Assume a user at… Continue reading Tunelling an Authenticated User Across Microservices Securely→

Too Much Information Exposure in OAuth 2.0?

Posted on November 27, 2018 by Mika'il

Section 4.1 of the OAuth 2.0 RFC states:

(A) The client initiates the flow by directing the resource owner’s
user-agent to the authorization endpoint. The client includes
its client identifier, reques… Continue reading Too Much Information Exposure in OAuth 2.0?→

What is the example parameter in the OAuth 2.0 RFC

Posted on November 18, 2018 by Mika'il

In section 4.1.4 of the OAuth 2.0 RFC, it gives an example of an access token response:

An example successful response:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
… Continue reading What is the example parameter in the OAuth 2.0 RFC→

A Method for Generating Un-Guessable Client Identifiers

Posted on November 9, 2018 by Mika'il

I am implementing an OAuth 2.0 authorisation server. As part of client registration process I want to generate the unique client identifier for this client.

The method I have chosen is to take all the client registration information and h… Continue reading A Method for Generating Un-Guessable Client Identifiers→

Integrating Firebase Authentication with OAuth 2.0 Authorisation Code Grant Flow

Posted on November 7, 2018 by Mika'il

I need feedback on my proposed design to authenticate and authorise users for an application I am working on. For authentication I am using Firebase and for authorisation I am following the OAuth 2.0 framework.

The standard … Continue reading Integrating Firebase Authentication with OAuth 2.0 Authorisation Code Grant Flow→

Help Required To Define the OAuth Authorisation Flow

Posted on October 25, 2018 by Mika'il

I am building a platform which will offer a variety of federated signup/login options to a user using Google’s Firebase service. A user will choose one the federated options to signup to the platform.

When a user signs up to… Continue reading Help Required To Define the OAuth Authorisation Flow→

Why should authorization servers document the size of client identifiers?

Posted on October 19, 2018 by Mika'il

In section 2.1 of the OAuth2.0 RFC, it states the following regarding the client identifier:

The authorization server SHOULD document the size of any identifier it issues.

What is the point of doing this?

Continue reading Why should authorization servers document the size of client identifiers?→