It’s been a while since I blogged about the new challenges arising from open banking and other use cases when it comes to OAuth authorization requests. Meanwhile, I have been entertaining my ideas with a lot of smart people in the community, combined it with existing proposals, such as the…

Have you ever come across limitations of the way OAuth expresses the requested scope of an access token? Well, I have several times in the course of the last couple of years in the areas of open banking and remote electronic signature creation. Let’s take the example of a payment…

No one should any longer use the implicit grant! That’s what IETF’s OAuth working group, the authority for official OAuth specifications, recommends in the upcoming OAuth 2.0 Security Best Current Practice RFC. The decision was met during the IETF meeting this week in Bangkok. Here is what the working group…