Connect Hex with your SSO provider for authentication and access management for your Hex workspace.| learn.hex.tech
What is OpenID Connect? In this post we go back to basics and take a look at what OpenID Connect was designed to solve and how it accomplishes it.| Nordic APIs
Design patterns to allow JWTs to be validated using extended header fields and Public Key Infrastructure.| curity.io
An explanation of the various OpenID Connect endpoints and what they can be used for.| Scott Brady
A beginner's guide to IdentityServer and OpenID Connect, starting with an empty project and ending with a near production-ready environment.| Scott Brady
The OpenAPI Specification defines a standard interface to RESTful APIs which allows both humans and computers to understand service capabilities without access to source code, documentation, or network traffic inspection.| swagger.io
Kubernetes offers two distinct ways for clients that run within your cluster, or that otherwise have a relationship to your cluster's control plane, to authenticate to the API server. A service account provides an identity for processes that run in a Pod, and maps to a ServiceAccount object. When you authenticate to the API server, you identify yourself as a particular user. Kubernetes recognises the concept of a user; however, Kubernetes itself does not have a User API.| Kubernetes
I am developing a tool to check cryptographic public keys for known vulnerabilities called badkeys. During the Q&A session of a presentation about badkeys at the German OWASP Day, I was asked whether I had ever used badkeys to check cryptographic keys in OpenID Connect setups. I had not until then.| blog.hboeck.de
Using applications and service principals for persistence and privilege escalation is a well-known topic in Entra ID (Azure AD). I’ve written about these kinds of attacks many years ago, and talked about how we can use certificates and application passwords to authenticate as applications and abuse the permissions they have. In this blog, we cover a third way of authenticating as an application: using federated credentials. Federated credentials have been around for a few years, but haven’...| dirkjanm.io
JSON Web Tokens (JWTs) are often used in stateless authentication flows. Thanks to the signature, the server does not need anything else to verify the token's validity. The scope claim (RFC 8693 section 4.2) contains a space-separated list of scopes associated with the token. The server can use it to check the application's permissions. However, this claim can quickly become heavy: the more scopes you have, the bigger your token is! But JWTs are meant to be a compact token format… Today I’m prou...| Raphael Medaer’s blog
With Kubernetes 1.30, we (SIG Auth) are moving Structured Authentication Configuration to beta. Today's article is about authentication: finding out who's performing a task, and checking that they are who they say they are. Check back in tomorrow to find out what's new in Kubernetes v1.30 around authorization (deciding what someone can and can't access). Motivation: Kubernetes has had a long-standing need for a more flexible and extensible authentication system. The current system, while pow...| Kubernetes
OpenID Connect Front-Channel Logout 1.0| openid.net
OpenID Connect Session Management 1.0| openid.net
ENOSUCHBLOG| blog.yossarian.net
This page provides an overview of authentication. Users in Kubernetes: all Kubernetes clusters have two categories of users: service accounts managed by Kubernetes, and normal users. It is assumed that a cluster-independent service manages normal users in the following ways: an administrator distributing private keys; a user store like Keystone or Google Accounts; a file with a list of usernames and passwords. In this regard, Kubernetes does not have objects which represent normal user accounts.| Kubernetes
Our OAuth-based sign-in flow uses the OpenID Connect protocol to let users sign into your service using Slack.| Slack API