OAuth and OIDC
1. Introduction to Secure Delegated Access
2. OAuth 2.0 Framework Fundamentals
3. OAuth 2.0 Protocol Endpoints
4. OAuth 2.0 Tokens
5. Scopes and Permissions
6. OAuth 2.0 Authorization Grants
7. OpenID Connect Identity Layer
8. JSON Web Tokens in OAuth and OIDC
9. Security Considerations and Threats
10. Advanced OAuth and OIDC Topics
11. OAuth 2.1 Evolution
12. Implementation Guidance
Security Considerations and Threats

  Common Attack Vectors
    Cross-Site Request Forgery
      Attack Mechanism
      OAuth-Specific Risks
      Mitigation Strategies
    Authorization Code Interception
      Attack Scenarios
      Mobile App Vulnerabilities
      Prevention Techniques
    Token Leakage
      Storage Vulnerabilities
      Transmission Risks
      Browser-Based Risks
      Logging and Debugging Risks
    Replay Attacks
      Token Reuse Scenarios
      Time-Based Attacks
      Prevention Mechanisms
    Phishing Attacks
      Fake Authorization Servers
      User Education
      Technical Mitigations
    Open Redirect Attacks
      Redirect URI Manipulation
      Validation Requirements

  Essential Security Mechanisms
    State Parameter
      CSRF Protection
      Request Correlation
      Implementation Requirements
    Nonce Parameter
      Replay Attack Prevention
      ID Token Binding
      Generation Requirements
    PKCE Implementation
      Universal Application
      Code Verifier Security
      Challenge Method Selection
    Redirect URI Validation
      Exact Matching Requirements
      Wildcard Restrictions
      Security Implications

  Token Security Best Practices
    Short-Lived Access Tokens
      Risk Reduction
      Refresh Token Usage
      Expiration Strategies
    Secure Token Storage
      Client-Side Storage
      Server-Side Storage
      Memory-Only Storage
    Token Transmission Security
      HTTPS Requirements
      Header vs Body Placement
      Logging Considerations
    Token Revocation
      Immediate Revocation
      Cascade Revocation
      Notification Mechanisms