oauth2.md

July 15, 2021

Bookmarks tagged [oauth2]

www.codever.land/bookmarks/t/oauth2

Setting Up Authelia With SWAG

https://blog.linuxserver.io/2020/08/26/setting-up-authelia/

This article details how SSO via Authelia can be easily set up using SWAG's preset Authelia confs.


IdentityModel/oidc-client-js

https://github.com/IdentityModel/oidc-client-js/

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications


OAuth 2 Simplified

https://aaronparecki.com/oauth-2-simplified/

This post describes OAuth 2.0 in a simplified format to help developers and service providers implement the protocol.


Implement the OAuth 2.0 Authorization Code with PKCE Flow

https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce

In this post, you’ll learn some foundational concepts of OIDC and OAuth2. You’ll be guided through a simple SPA example written in Vue.js that starts with the older (now deprecated) Implicit flow and ...


Prevent Attacks and Redirect Users with OAuth 2.0 State Parameters

https://auth0.com/docs/protocols/state-parameters

Authorization protocols provide a state parameter that allows you to restore the previous state of your application. The state parameter preserves some state objects set by the client in the Autho...


Is the OAuth 2.0 Implicit Flow Dead?

https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead

You may have heard some buzz recently about the OAuth 2.0 Implicit flow. The OAuth Working Group has published some new guidance around the Implicit flow and JavaScript-based apps, specifically that t...


PKCE support with Keycloak 7.0 for mobile apps - JANUA

https://www.janua.fr/pkce-support-with-keycloak-7-0/

PKCE support with Keycloak 7.0: Keycloak 7.0 has been released on Aug 25th 2019 with PKCE support. This represents a major breakthrough for all mobile apps to increase security and to mitigate malicio...


RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients

https://tools.ietf.org/html/rfc7636

OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to...


What's New With OAuth and OIDC? - 32min

https://www.youtube.com/watch?v=g_aVPdwBTfw

In this talk you'll learn about the latest developments with the OAuth and OIDC specs directly from the standards group. The latest additions to the specs enable richer experiences and better secu...


React Simple Auth: React + Redux + OAuth 2.0 - Matt Mazzola - Medium

https://medium.com/@mattmazzola/react-simple-auth-react-redux-oauth-2-0-de6ea9df0a63

I recently started working on a React project and was looking to add authentication support to it. As a long time Ember developer I expected there to be a standard community solution similar to ember-...


OpenID Connect debugger

https://oidcdebugger.com/

Test and debug OpenID Connect requests. This free tool makes it easy to send requests and view responses.


Securing OAuth 2.0 Resources in Spring Security 5.1 - YouTube

https://www.youtube.com/watch?v=1N-xwmoN83w

Resource Server parts

The OAuth 2.0 Authorization Framework is elaborate, with several nuances and subtl...


Next Generation OAuth 2.0 Support with Spring Security

https://spring.io/blog/2018/01/30/next-generation-oauth-2-0-support-with-spring-security

The current state of OAuth 2.0 Support, within the Spring projects portfolio, is spread out between Spring Security OAuth, Spring Cloud Security, Spring Boot 1.5.x, and the new support introduced in S...


OAuth 2.0 and OpenID Connect (in plain English) - YouTube

https://www.youtube.com/watch?v=996OiexHze0

Developer Advocate Nate Barbettini breaks down OpenID and OAuth 2.0 in Plain English Find Nate's slides here: [https://speakerdeck.com/nbarbettini/oauth-and-openid-connect-in-plain-english](https://sp...


Understanding ID Token

https://medium.com/@darutk/understanding-id-token-5f83f50fa02e

From an engineer's point of view, an abstract explanation like “ID Token is a token issued as a result of user authentication” is not so valuable because engineers cannot imagine how to implement ID T...


Welcome to OpenID Connect – OpenID Homepage

https://openid.net/connect/

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Serve...


User-Managed Access (UMA) Profile of OAuth 2.0

https://docs.kantarainitiative.org/uma/rec-uma-core.html

User-Managed Access (UMA) is a profile of OAuth 2.0. UMA defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties, where the resources resi...


The OAuth 2.0 Authorization Framework: Bearer Token Usage

https://tools.ietf.org/html/rfc6750

This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the ...


The OAuth 2.0 Authorization Framework

https://tools.ietf.org/html/rfc6749

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction bet...


The Nuts and Bolts of API Security: Protecting Your Data at All Times - YouTube

https://www.youtube.com/watch?v=tj03NRM6SP8

Nice introduction (just introduction) to oauth, openid-connect, possible use for securing microservices...


Understanding Refresh Tokens - Auth0

https://auth0.com/learn/refresh-tokens/

A Refresh Token is a special kind of token that can be used to obtain a renewed access token —that allows accessing a protected resource— at any time. You can request new access tokens until the r...


OpenID Connect

https://auth0.com/docs/protocols/oidc

What is the OpenID Connect protocol and how it works.


Final: OpenID Connect Core 1.0 incorporating errata set 1

https://openid.net/specs/openid-connect-core-1_0.html

Abstract

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an A...


OAuth 2.0 Tutorial

http://tutorials.jenkov.com/oauth2/index.html

Nice OAuth 2 tutorial with pictures. Makes it easy to understand such a difficult topic.