9 Best Articles in 2022
aaronparecki.com
OAuth 2 Simplified
aaronparecki.com
· This post describes OAuth 2.0 in a simplified format to help developers and service providers implement the protocol. The OAuth 2 spec can be a bit confusing to read, so I've written this post to help… · Shared by 19, including Francis DB, Paul E Sevinç, platzh1rsch
developer.okta.com
An Illustrated Guide to OAuth and OpenID Connect
developer.okta.com
6 min read · · An illustrated guide to explain OAuth and OpenID Connect! · Shared by 32, including Michael Weibel, Chris Love - PWAs 📳📱& SEO 🔎, sMyle is OOO
oauthbible.com
The OAuth Bible
oauthbible.com
~12 min read · · Signed / Signature String made up of several HTTP request elements in a single string. These include the Request Method & URL & Parameters, which is then encrypted against the key which consists of:… · Shared by 42, including Alexander Seifert, Jon Thompson, Brian, Philipp Laurim, Fargo, Daniel Williams, Mohamed JEBLI
The Hacker News
GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens
The Hacker News
2 min read · · GitHub reveals that hackers abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. · Shared by 16, including William Toll, Tactical Tech
oauth.net
OAuth Community Site
oauth.net
· The OAuth 2.0 authorization framework enables third-party applications to obtain limited access to a web service. This website is supported by Try Okta to make OAuth painless · Shared by 18, including Chung Chen, William El Kaim, Chris Messina, Francis DB
oauth.io
OAuth that just works.
oauth.io
· Integrate 100+ OAuth providers in minutes. Setup your keys, install oauth.js, and you are ready to play ! · Shared by 17, including Chris Messina, Philippe Gauvin, Francis DB
github.blog
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
github.blog
3 min read · · On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to… · Shared by 16, including jesse squires 🏴
blog.teller.io
Introducing TAuth: Why OAuth 2.0 is bad for banking APIs and how we're fixing it
blog.teller.io
7 min read · · Teller is an API that enables developers to program their bank accounts · Shared by 23, including Jon Thompson, Marco Unternaehrer, Paddy Zab
The Hacker News
Github Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens
The Hacker News
1 min read · · Github's security team has notified users/organisations whose private data was downloaded with stolen OAuth user tokens. · Shared by 12, including Yves Mulkers, William Toll
More like this
ZDNET
Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev
ZDNET
3 min read · · OAuth tokens have been abused for intrusions at least two other companies, Dave.com and Flood.io. · Shared by 12, including Troy Hunt
github.blog
npm security update: Attack campaign using stolen OAuth tokens
github.blog
· npm's impact analysis of the attack campaign using stolen OAuth tokens and additional findings. · Shared by 21, including NamosSec is checking in occasionally, sMyle is OOO, William Toll, fantastic ms., Axel Rauschmayer (INACTIVE)
gravitational.com
Everything You Need to Know About OAuth (2.0)
gravitational.com
9 min read · · Boiling down to its core purpose, OAuth exists to provide third party applications limited access to secure resources without compromising the user’s data. · Shared by 11, including Bryan Onel, mastodon.social/@renestalder
The Hacker News
Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach
The Hacker News
2 min read · · GitHub shares more details about the recent OAuth token breach, revealing that the attacker gained access to the credentials of nearly 100k NPM users. · Shared by 10, including Yves Mulkers
adodson.com
hello.js - Javascript API for OAuth2 authentication and REST services
adodson.com
7 min read · · A client-side JavaScript SDK for authenticating with OAuth2 (and OAuth 1 with an 'oauth proxy') web services and querying their REST APIs. HelloJS standardizes paths and responses to common APIs like Google Data Services, Facebook Graph and Windows Live Connect. It's modular, so that list is growing. No more spaghetti code! · Shared by 22, including Charlie O'Keefe @charlieok@hachyderm.io, Marc Wieland, Francis DB, Tibor Martini 🇺🇦 @tibor@mastodon.social, Brian
developers.googleblog.com
Modernizing OAuth interactions in Native Apps for Better Usability and Security
developers.googleblog.com
5 min read · · News and insights on Google platforms, tools, and events. · Shared by 12, including Klaus Eck, Chris Messina
thebuzzmedia.com
Designing a Secure REST (Web) API without OAuth
thebuzzmedia.com
· Click here to proceed. · Shared by 23, including Jens-Christian Fischer, Chung Chen, Balda
github.com
abraham/twitteroauth
github.com
· twitteroauth - The most popular PHP library for use with the Twitter OAuth REST API. · Shared by 10, including Tibor Martini 🇺🇦 @tibor@mastodon.social, Nico Müller 🇺🇦, adrianoesch
Martin Fowler
Using oauth for a simple command line script to access Google's data
Martin Fowler
~19 min read · · I found that juggling Google's authorization codes, refresh tokens, and access tokens was not difficult; but also not clearly documented. · Shared by 16
