openid – Page 4 – WindowsTechs.com

Regulations are driving innovation toward an identity layer on the Internet

Posted on September 11, 2019 by Help Net Security

The security community often points to the inherent lack of an encryption layer on the Internet as a factor behind many of the related threat vectors. The decentralized nature of the web, which has driven its near ubiquity, also makes it a vector for c… Continue reading Regulations are driving innovation toward an identity layer on the Internet→

Privacy and security risks as Sign In with Apple tweaks Open ID protocol

Posted on July 8, 2019 by Lisa Vaas

An open letter from the OpenID Foundation says that Apple introduced potential risks when it diverged from the OpenID Connect protocol. Continue reading Privacy and security risks as Sign In with Apple tweaks Open ID protocol→

EA Games Patches Account-Hijacking Bug

Posted on June 26, 2019 by Tom Spring

A bug in the Electronic Arts gaming platform’s single sign-on mechanism could have allowed hackers to access game accounts. Continue reading EA Games Patches Account-Hijacking Bug→

SSO using SAML 2.0/OIDC

Posted on March 27, 2019 by uneewk

I have a scenario in mind and I am wondering if this is, in general, a drawback to SSO using SAML 2.0/OIDC or if there are any known ways to mitigate such a scenario:

Background:
1. A user is able to SSO into some remote app… Continue reading SSO using SAML 2.0/OIDC→

Did I get it right? OAuth2, OpenID and OpenID Connect

Posted on February 19, 2019 by bleh10

After a lot of research about authentication and authorization, I reached the following but not sure if what I reached is the correct thing so please help me out:

Authentication is who you are. Authorization is what can you do!

OAuth is… Continue reading Did I get it right? OAuth2, OpenID and OpenID Connect→

Is it safe to just forget OAuth tokens, and not invalidate them in a mobile app?

Posted on February 18, 2019 by blork

I have a mobile application that a user signs into using OpenId Connect and OAuth 2.0. Currently when the user logs out, I open up a webpage to the end_session_endpoint (http://docs.identityserver.io/en/latest/endpoints/endse… Continue reading Is it safe to just forget OAuth tokens, and not invalidate them in a mobile app?→

what were the impacts when a user affected with data breach when he signed up with third party authentication

Posted on December 5, 2018 by BlueBerry - Vignesh4303

Background :
Recently quora got breached and database were reported to be stolen, Myself used to have a habit of signing in through google login.

Problem statement :
What were the possible impacts when i sign in thr… Continue reading what were the impacts when a user affected with data breach when he signed up with third party authentication→

How do I implement a Microsoft Login into my own website?

Posted on December 4, 2018 by CVE-2017-5754

I am trying to make a website, which hosts a form for employees to enter their shift details into. The website itself is pretty basic, meaning it is mostly just HTML and PHP code.

Obviously I need to control access and as of… Continue reading How do I implement a Microsoft Login into my own website?→

ROPC is unsafe?

Posted on November 29, 2018 by Marcelo Dias

Recently I found some articles saying that using ROPC is for legacy applications.

https://tools.ietf.org/html/rfc6749#section-10.7

Using today (2018/2019) is a bad practice? Vaious SPA applications and also backend framewor… Continue reading ROPC is unsafe?→

Microservices and ID token

Posted on October 14, 2018 by Andrey Paramonov

In micro-services architecture, some articles suggest that ID token can be passed between clients in order to implement “distributed sessions”. This way, clients use ID token during OAuth 2.0 dance to tell Authorization Serve… Continue reading Microservices and ID token→