Torsten Lodderstedt

Published in OAuth 2

·Jan 9, 2020

Pushed Authorization Requests Draft adopted by OAuth Working Group

The OAuth Working Group recently adopted the Pushed Authorization Requests (PAR) draft as working group document, which is an important step on its way to become an RFC. PAR improves the robustness and security of the OAuth code flow in a very simple way. Instead of sending all authorization request…

API

4 min read

Pushed Authorization Requests Draft adopted by OAuth Working Group

API

4 min read

Published in OAuth 2

·Sep 21, 2019

Rich OAuth 2.0 Authorization Requests

It’s been a while since I blogged about the new challenges arising from open banking and other use cases when it comes to OAuth authorization requests. Meanwhile, I have been entertaining my ideas with a lot of smart people in the community, combined it with existing proposals, such as the…

API

3 min read

API

3 min read

Published in OAuth 2

·Apr 20, 2019

Transaction Authorization or why we need to re-think OAuth scopes

Have you ever come across limitations of the way OAuth expresses the requested scope of an access token? Well, I have several times in the course of the last couple of years in the areas of open banking and remote electronic signature creation. Let’s take the example of a payment…

API

10 min read

Transaction Authorization or why we need to re-think OAuth scopes

API

10 min read

Published in OAuth 2

·Nov 9, 2018

Why you should stop using the OAuth implicit grant!

No one should any longer use the implicit grant! That’s what IETF’s OAuth working group, the authority for official OAuth specifications, recommends in the upcoming OAuth 2.0 Security Best Current Practice RFC. The decision was met during the IETF meeting this week in Bangkok. Here is what the working group…

Oauth

3 min read

Oauth

3 min read