Tag: oauth2


Found 129 results for 'oauth2'.

1) authentication - Adding SSO to an existing website - should SSO login link to matching email address?
2) authentication - Limiting database lookups by token metadata
3) authentication - Does signing in via OAuth 2.0 compromise account security if the OAuth 2.0 service decides to become malicious?
4) authentication - How can an end-user verify the authenticity of a third-party authentication provider's login form
5) authentication - 'confirm old password' OAuth equivalent
6) authentication - oidc authentication webapp REST api
7) google - Best practice to share google drive API credentials for being used by a script?
8) authentication - Is it safe for users of my API to 'Sign In With GitHub' using passport-github?
9) authentication - How exactly do mobile apps achieve authorization code flow with PKCE?
10) tls - Why do we use Oauth2 instead of Basic Auth in server to server communication using SSL?
11) oauth - Securing a multi-tenant API with SSO and different roles per tenant
12) mobile - Revoke OAuth2 Token For Mobile App
13) session-management - Detecting session sharing with OAuth2
14) csrf - Can oauth2 "state" parameter be used to avoid using session cookies to identify user
15) authentication - Mobile apps that use OAuth2 to offload authentication to a 3rd party: are they misusing OAuth2?
16) mobile - OAuth2 for mobile apps with confidential backend client (Is PKCE required?)
17) mobile - OAuth Authorization Flow without external user agent for iOS application
18) tls - client_id vs distinguished name in mutual tls
19) rest - REST API Oauth 2 - Which grant type to use?
20) api - Does it make sense to create a whole new API interface to just handle the web secret key?
21) api - Securing a SPA's API when using external identity providers
22) web-services - OAuth alternative for a 2 party system
23) rest - How to combine session-based authentication and stateless REST API
24) php - Using oAuth as a complement to an existing authentication system?
25) architecture - Customized access control using OAuth 2.0
26) security - OAuthv2 authorization grants
27) .net - What OpenID Connect flow is right for me?
28) oauth - OAuth 2.0 - Should Client Identifier be unique for each user or only by client type?
29) web-applications - Micro services REST with Javascript user authentication/authorization
30) web-api - Testing API with Auth0-enabled user authentication and authorization
31) laravel - How to generate an access token using OAuth 2.0 for another app that never expires
32) authentication - Auth options for distributed systems
33) authentication - OAuthv2 for distributed applications
34) mobile - Proper OAuth2 Grant
35) design-patterns - Windows Service with authentication, some UI required
36) design - How often should I be checking access tokens if I am using OAuth only for signing in to my app?
37) oauth2 - What's the point of logging in with oauth2 if it's a paid subscription site?
38) passwords - Where should 'reset password' functionality be?
39) authorization - Is the OAuth 2 authorization code flow vulnerable to the Confused Deputy Problem?
40) authentication - Attacker models of long-term logins: how should sensitive server endpoints require re-authentication?
41) oauth2 - Okta backend verification of Access Token generated in PKCE flow
42) authentication - capture authorization code programmatically in OAuth 2.0
43) authentication - What are the pieces of information delivered in a user profile at the end of a OpenID Connect flow?
44) authentication - What is the difference between API keys and API tokens usages?
45) authentication - How client-side OAuth is secure?
46) authentication - OAuth 2.0 authorization code flow vulnerable to "shoulder surfing"?
47) oauth - Why use OpenID Connect instead of plain OAuth2?
48) oauth2 - OAuth2 - Benefits for using Grant-Type:Password for machine-to-machine web-service calls
49) authentication - OAuth 2.0: what's stopping a client from lying to the Resource owner about scopes
50) authentication - Using OAuth2 with JWT, should a client pass along unused refresh tokens on a logout call?