We introduce open banking and cover state-of-the-art bank-grade security standards to ensure banking APIs meet the latest regulations and compliance requirements.| Nordic APIs
This document describes the key concepts of Workforce Identity Federation.| Google Cloud
OAuth 2 and OpenID Connect are fundamental to gold standard API security. Learn the details of these protocols, so you can secure your APIs!| Nordic APIs
A detailed breakdown of the OAuth 2.0 authorization request. Learn the purpose of core parameters like response_type, scope, and state to...| Auth0 - Blog
Learn about OpenID Connect's authorization code, implicit, and hybrid flows. See how each flow works, when to use it, and how to secure it.| Scott Brady
What is OpenID Connect? In this post we go back to basics and take a look at what OpenID Connect was designed to solve and how it accomplishes it.| Nordic APIs
Overengineering, premature optimization, resume-driven development, hype-driven development, gold-plating, cargo-culting, etc.| blog.alexewerlof.com
Learn about OIDC authentication with Frontegg's guide. Simplify secure access, enhance security, and streamline user management.| Frontegg
Protecting APIs with strong security by requiring clients to authenticate using JWT client assertions| curity.io
An overview of the OAuth 2.0 authorization framework, summarizing the roles of resource owner, client, resource server and authorization server.| curity.io
Learn how OAuth 2.0 works with this simplified explanation and guide. Learn what it is, why it's essential for secure authorization, and best practices for implementation.| FusionAuth
This is the API documentation for the Vault JWT/OIDC authentication method plugin.| JWT/OIDC - Auth Methods - HTTP API | Vault | HashiCorp Developer
This is a commentary on several troubling trends in the security world, as well as an explainer on some fundamental OpenID Connect 1.0 concepts.| Authelia
Explore the key differences between OIDC and SAML, their strengths, and how to choose the right authentication protocol for your application.| Frontegg
A beginner's guide to IdentityServer and OpenID Connect, starting with an empty project and ending with a near production-ready environment.| Scott Brady
In this post we’ll look at a suite of standards that focus on improving API security: The Financial-grade API (FAPI) Profile.| Nordic APIs
Authelia 4.39 release notes.| Authelia
The changes being engineered by the FAPI Working Group have brought about a new version of the standards, namely FAPI 2.0. In this post, we outline what’s new and uncover why FAPI 2.0 is an improvement on what’s gone before.| Nordic APIs
Learn the pros and cons of each OAuth client authentication mechanism and take your OAuth security beyond client secrets.| Scott Brady
A deep dive into OpenID Connect’s ID token, looking at what identity tokens are, what they are not, where to use them, and how to validate them.| Scott Brady
Removing application passwords from OAuth by using JWT Bearer Tokens, including ASP.NET Core and IdentityServer4 usage.| Scott Brady
In the previous article, we talked about what information we require to achieve strong access control. This article looks at how we transfer information on what scopes and audiences the user has approved, their identity and details on their login, plus rights we use for access control.| securityblog.omegapoint.se
Learn how to use OpenID Connect to establish a trust relationship between AWS & a Kubernetes cluster to grant pods access to AWS services.| developer-friendly.blog
Using applications and service principals for persistence and privilege escalation is a well-known topic in Entra ID (Azure AD). I’ve written about these kinds of attacks many years ago, and talked about how we can use certificates and application passwords to authenticate as applications and abuse the permissions they have. In this blog, we cover a third way of authenticating as an application: using federated credentials. Federated credentials have been around for a few years, but haven’...| dirkjanm.io
JSON Web Token implementation (symmetric and asymmetric). Latest version: 9.0.2, last published: a year ago. Start using jsonwebtoken in your project by running `npm i jsonwebtoken`. There are 31238 other projects in the npm registry using jsonwebtoken.| npm
NIST Special Publication 800-63C| pages.nist.gov
gm. It's been a while. I missed you. Writing about different topics I'm interested in and doing research to solidify my understanding of different concepts and ideas is something I enjoyed a lot when I first joined the space in 2018. However, in the last year and a half, it has been harder to find the time to write articles.| dcbuilder.mirror.xyz
OpenID Connect Front-Channel Logout 1.0| openid.net
REFEDS MFA Profile| REFEDS
NIST Special Publication 800-63-3| pages.nist.gov
OpenID Connect Session Management 1.0| openid.net
ENOSUCHBLOG| blog.yossarian.net
JSON Web Token (JWT)| www.iana.org
How Biscuit can fit in existing systems| www.biscuitsec.org
This page provides an overview of authentication. Users in Kubernetes: all Kubernetes clusters have two categories of users: service accounts managed by Kubernetes, and normal users. It is assumed that a cluster-independent service manages normal users in the following ways: an administrator distributing private keys; a user store like Keystone or Google Accounts; a file with a list of usernames and passwords. In this regard, Kubernetes does not have objects which represent normal user accounts.| Kubernetes
A practical intro into OAuth and OpenID Connect. How to authorize and authenticate.| TMSVR - Dev Blog
Our OAuth-based sign-in flow uses the OpenID Connect protocol to let users sign into your service using Slack.| Slack API