The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns. API
New Course on OpenID Connect & JWT
Many of my 7100 students of the OAuth course have asked me to create a new course on OpenID Connect & JWT . And I completely understand why. Because as an API professional in 2020, you simply need to know
Three Common Misunderstandings about OpenID Connect
The top three things, that people do not understand about OpenID Connect. Misunderstanding 1: “We already got OAuth, so we don’t need OpenID Connect” Great, that you have OAuth. If you have it long enough, you probably have a big
OAuth 2 vs. OpenID Connect
For API security there are two standards — and both of their names start with the capital letter O. So it is no wonder, people ask all the time: What is the difference between OAuth 2 and OpenID Connect? The
New OpenID Connect Book Available Today!
How should we build signup and login for apps to increase app conversion? It needs to be simple. End-users tend to shy away from tedious onboarding processes or only get halfway through before they give up. How do some of
Spotify API – How to get an OAuth Access Token (API Review Series)
In this week’s episode, I review the Spotify API – more specifically the OAuth capability. My goal: get an OAuth Access Token for my app, so I can call the API. To achieve this goal, I will go to the
The relation between OpenID Connect and OAuth 2
The OAuth standard ensures that there is no unintended leakage of information about the resource owner to the client. For example, it is ensured that the client does not get hold of the resource owner’s credentials. The OAuth standard ensures
Which Actors are involved in OAuth Flows?
OAuth is designed for distributed systems that consist of several actors with distinct roles. Just like the actors in a movie play specific roles so the story can evolve, each actor in an OAuth flow takes on a specific role
OAuth 2.0 Usage
In a previous post we have introduced OAuth as a framework for API Security. But how is OAuth used and which solutions can be enabled by it? In fact, most of OAuth is happening under the hood of modern cloud, mobile
What is OAuth 2?
If you are working with APIs I am sure you have heard about OAuth 2. It is used for securing access to APIs. OAuth 2 is a standard for delegating authorization for accessing resources via HTTP. OAuth 2 offers a