Authenticating with an API has long been the holy grail for mobile and web developers. Jacob Ideskog describes how a Hypermedia API can implement user authentication.| Nordic APIs
Website with the collection of all the cheat sheets of the project.| cheatsheetseries.owasp.org
This specification details the threats, attack consequences, security considerations and best practices that must be taken into account when developing browser-based applications that use OAuth 2.0. Discussion Venues This note is to be removed before publishing as an RFC. Discussion of this document takes place on the Web Authorization Protocol Working Group mailing list (oauth@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/oauth/. Source for this draft and an issue ...| IETF Datatracker
Figure 1. Capabilities of deep links, web links, and| Android Developers
OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced "pixy").| IETF Datatracker
Cross Site Scripting (XSS) on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.| owasp.org