Tag: openid

Found 45 results for 'openid'.

1) authentication - How to incorporate the man-in-the-middle
2) authentication - oidc authentication webapp REST api
3) authentication - Isn't OpenID over HTTP (not HTTPS) fatally flawed when delegates are used?
4) oauth - Securing a multi-tenant API with SSO and different roles per tenant
5) jwt - Should OIDC introspection endpoint be used to validate the JWT access token?
6) session-management - OpenID Session Fixation with CSRF
7) web-services - How should I architect a RESTful webservice to use 3rd party (i.e. Google, Facebook, Twitter) for authentication?
8) .net - What OpenID Connect flow is right for me?
9) authentication - Reauthenticating a user for sensitive actions using OpenID
10) java - How 'Logjam' attack affects openID since it uses Diffie-Hellman key exchange method?
11) webserver - Does the practice of blocking an off-site "Referer:" HTTP requests improve website security?
12) authentication - Appropriate password requirements for a login (OpenID) service/provider/delegate/thing
13) passwords - Can I get rid of storing user secrets by using OpenID, and what do I need to store?
14) authentication - Can I trust profile data a 3rd party auth provider send to me?
15) session - Session Handover via OpenID Connect between a Mobile Application and a Website?
16) authentication - What are the downsides of BrowserID/Persona compared to OpenID/OAuth/Facebook?
17) passwords - Why is OpenID considered secure when password reuse is not?
18) jwt - Does "validating" a JWT token from prove authentication with OpenId?
19) authentication - Are there risks of using the same OpenID provider for sites with different security levels?
20) authentication - Any scenario for using both, OpenID Connect and OAuth 2.0?
21) oauth - Can someone explain the "Covert Redirect" vulnerability in OAuth and OpenID?
22) php - OpenID implementation - PHP, Javascript, MySQL
23) authentication - Verify a user's affiliation with an organization
24) http - What should I pass for the WWW-Authenticate header on 401s if I'm only using OpenID?
25) users - Does anybody ever uses the OpenId url Log in?
26) authentication - Is JSON web token further secured in OpenID, and how?
27) appsec - How does using OpenID affect webapp security?
28) asp.net - oAuth ASP.NET Membership Provider
29) attack-vector - What can an attacker do with an OpenID token
30) web-application - OpenID without SSL certificate
31) oauth - Is logging in using OAuth/OpenID also vulnerable to heartbleed?
32) authentication - What are the downsides of BrowserID/Persona compared to OpenID/OAuth/Facebook?
33) openid - What are OpenID scopes and claims?
34) authentication - Is 'Bring your own Identity' as the only authentication option a valid practice?
35) web-application - Should Framebusting be used (not used) on an IdP login page?
36) authentication - SAML and OpenID, centralized and decentralized
37) trust - Why does a web site operator need to trust an openid provider?
38) authentication - Why is OAuth 2.0 being used for mobile devices, and not OpenID?
39) oauth - Google+ Sign In - One Time Code Flow vs Pure Server Side flow
40) single-sign-on - Local Identity based login along with saml 2.0 SSO
41) authentication - When do you use OpenID vs. OpenID Connect
42) authentication - Difference Between OAUTH, OpenID and OPENID Connect in very simple term?
43) openid - Open ID - What happens when you decide you don't like your existing provider?
44) authentication - Non-standard OIDC flow: How safe is this?
45) .net - Which OpenID flow should I choose?