Learn how OpenID Connect (OIDC) extends OAuth 2 by adding a layer of identity, solving user authentication and Single Sign-On (SSO).| Scott Brady
Learn how the UK's Open Banking makes use of OAuth and OpenID Connect.| Scott Brady
A deep dive into OpenID Connect’s ID token, looking at what identity tokens are, what they are not, where to use them, and how to validate them.| Scott Brady
A cheat sheet for choosing the right way to securely access an API when using a browser-based application such as a JavaScript SPA.| Scott Brady - scottbrady.io
A look at the advantages and disadvantages of using software tokens as an authentication factor, focussing on TOTP.| Scott Brady - scottbrady.io
Getting to grips with FIDO2 and WebAuthn, including a basic implementation in ASP.NET Core| Scott Brady
The reasons why OAuth is not an authentication protocol, and why, without open standards such as OpenID Connect, it should not be hacked to become one.| Scott Brady
One of the few legitimate uses for the ROPC grant type is for browserless devices. Luckily, the OAuth working group now has a solution for that.| Scott Brady - scottbrady.io
The previous alternatives to OAuth and authorizing access to an API, and why we no longer use them.| Scott Brady