Collaborate Disseminate
We have a microservice backend system & we expose APIs for our customers to use. We are now developing our Authentication system with our identity provider service.
We have a customer(a company), their users using their service via the… Continue reading 3rd party mobile app access our service via our APIs
I have an application connecting to any IDP using the OIDC Protocol. This application stores part of the user identity in it’s database. The problem I have is when the user gets disabled on the IDP the application still treats it’s record … Continue reading OpenId Connect: Is there a way to listen for user events from the IDP
It seems like signing ID Tokens invites misuse.
As I understand it, OIDC ID tokens should not be used as bearer tokens for authorizing API access. Instead, we should use access tokens.
However, the ID token is still signed, and in the case… Continue reading What’s the purpose of signing OIDC ID Tokens if they shouldn’t be used as bearer tokens
We are trying to arrive at a solution for an enterprise app
Different Users – have different Authentiation Methods
User Type 1 – Password + Captcha
User type 2 – Biometric [Not device-based] + Password
User type 3 – Biometric [Device-bas… Continue reading OpenId with Biometrics
I have a microservice system with an OpenId connect Identity Provider, implemented with IdentityServer4.
I have one special (very generic) service which needs to be able to communicate with all other services, even with services which will… Continue reading OpenId connect: Grant all available scopes in ClientCredentials flow
Understand that Grant Negotiation and Authorization Protocol (gnap) is still in draft status at the IETF.
I am looking to evaluate GNAP and be the first to put in production. Are there any working Code for Grant Negotiation and Authorizati… Continue reading Working Code for Grant Negotiation and Authorization Protocol (gnap) for evaluation? Performance vs OAuth/OIDC
With credential theft making up a large portion of phishing attacks, many organizations wisely turn to MultiFactor Authentication (MFA) to protect the credentials of their employees. Attackers, however, are upping their game to continue gaining access … Continue reading Phish Fryday – OAuth2 Phishing Attacks
With credential theft making up a large portion of phishing attacks, many organizations wisely turn to MultiFactor Authentication (MFA) to protect the credentials of their employees. Attackers, however, are upping their game to continue gaining access … Continue reading Phish Fryday – OAuth2 Phishing Attacks