The client-server API allows clients to send messages, control rooms and synchronise conversation history. It is designed to support both lightweight clients which store no state and lazy-load data from the server as required - as well as heavyweight clients which maintain a full local persistent copy of server state. API Standards These standards only apply to the APIs defined in the Matrix specification. APIs used by this specification but defined in other specifications, like the OAuth 2.0...| Matrix Specification
A detailed breakdown of the OAuth 2.0 authorization request. Learn the purpose of core parameters like response_type, scope, and state to...| Auth0 - Blog
This article highlights some common OAuth vulnerabilities found in web and mobile apps in 2021, along with some mitigations to improve security.| Nordic APIs
Common OAuth Vulnerabilities| blog.doyensec.com
How to implement OAuth in the context of mobile applications while avoiding security pitfalls? Practical steps on fortifying OAuth flow with PKCE, state parameter, managing secure redirections, and focusing on critical aspects during OAuth assessment in mobile environments.| Cossack Labs
This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities.| IETF Datatracker
OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced "pixy").| IETF Datatracker
