In this week’s episode, I review the Spotify API – more specifically the OAuth capability. My goal: get an OAuth Access Token for my app, so I can call the API. To achieve this goal, I will go to the
The relation between OpenID Connect and OAuth 2
The OAuth standard ensures that there is no unintended leakage of information about the resource owner to the client. For example, it is ensured that the client does not get hold of the resource owner’s credentials. The OAuth standard ensures
Which Actors are involved in OAuth Flows?
OAuth is designed for distributed systems that consist of several actors with distinct roles. Just like the actors in a movie play specific roles so the story can evolve, each actor in an OAuth flow takes on a specific role
OAuth 2.0 Usage
In a previous post we have introduced OAuthΒ as a framework for API Security. But how is OAuth used and which solutions can be enabled by it? In fact, most of OAuth is happening under the hood of modern cloud, mobile
What is OAuth 2?
If you are working with APIs I am sure you have heard about OAuth 2. It is used for securing access to APIs. OAuth 2 is a standard for delegating authorization for accessing resources via HTTP. OAuth 2 offers a
The Password Anti Pattern
People have gotten a bit sensitive about internet security and privacy. “Mobile apps, web-APIs and Cloud Services – yes, I like and use them, but … is my data really secure there? Can I control what happens to my data