InfoQ Homepage OAuth Content on InfoQ
-
ASP.NET Core Updates in .NET 9 Preview 2: Blazor, OIDC, OAuth and Configuring HTTP.sys
Microsoft released .NET 9 Preview 2 which contains some updates regarding ASP.NET Core: Blazor component constructor injection, and WebSocket compression for Blazor interactive server components. Furthermore, developers can streamline authentication integration by customising OIDC and OAuth parameters and configuring HTTP.sys extended authentication flags.
-
Revolutionizing Digital Identity: How Verifiable Credentials Offer a New Era of Privacy and Control
Auth0 recently published an in-depth explanation of Verifiable Credentials (VCs). The article emphasizes the potential of VCs to transform how identities are managed online. It highlights the limitations of current identity systems and how VCs can address these gaps, particularly in allowing identity claims to be disclosed without issuers knowing, thereby enhancing privacy and control for users.
-
Spring Authorization Server 1.0 Provides Oauth 2.1 and OpenID Connect 1.0 Implementations
More than two-and-a-half years after being introduced to the Java community, VMWare has released Spring Authorization Server 1.0. Built on top of Spring Security, the Spring Authorization Server project supports the creation of OpenID Connect 1.0 Identity Providers and OAuth 2.1 Authorization Servers. The project supersedes the Spring Security OAuth project which is no longer maintained.
-
Spring Authorization Server 1.0 Planned for November 2022
Spring Authorization Server 1.0 is planned for a GA release in November 2022, after starting the project two years ago. The Spring Authorization Server project replaces the, already End of Life, Spring Security OAuth project. The project is led by the Spring Security team and delivers support for OAuth 2.1 Authorization Server for Spring applications.
-
GitHub Changes Token Format to Improve Identifiability, Secret Scanning, and Entropy
GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey explains, the new format aims to make tokens more easily identifiable, including when scanning repos for secrets, and to increase their entropy.
-
0-Day Vulnerability in Sign In with Apple Rewarded with $100,000
Earlier this year, security researcher Bhavuk Jain disclosed a 0-day vulnerability in Sign In with Apple that could easily allow an attacker to get full control of a victim's account by only knowing their email address. Apple patched the vulnerability and stated they could find no evidence of exploitation.
-
Capital One Launches Developer Platform
Capital One launched the DevExchange Beta developer site and initial API offering last month.
-
Google Introduces Smart Lock for Passwords
Google has announced at I/O 2015 the Google Identity Platform, a collection of tools and APIs for managing identities and dealing with authentication and authorization across Android, iOS and web applications.
-
Major Update to Firebase Brings Rich Authentication Tokens
Firebase has this week announced major updates to its user authentication, including automatic session persistence, and rich authentication tokens for use in Security Rules.
-
Simplified Multiple Provider Authorization with OAuth.io
OAuth.io is an API and a service interfacing with more than 80 OAuth providers. This article contains an interview with Mehdi Medjaoui, Co-founder of OAuth.io, providing details on security, licensing and future developments.
-
Twitter API v1.1 with JSON and OAuth1.0a Support
The recently released Twitter API V1.1 ships with support for JSON and provides an ability to authenticate apps via OAuth1.0a.
-
Google’s New IaaS Offering Runs Linux VMs in the Cloud
Google today disclosed details of Compute Engine, an IaaS offering that runs Linux VMs on demand utilizing Google’s cloud infrastructure. Google Compute Engine (GCE) supports 1, 2, 4 and 8 virtual core VMs with 3.75GB RAM per virtual core
-
Twitter Experiences Site Instability Following Google, Microsoft Outages
Twitter is the latest to experience downtime when yesterday the company issued a status update indicating instability within the site. This was the second such report from Twitter this week and follows on the heels of outages experienced this week by Google’s Blogger service and Microsoft’s Business Productivity Online Suite (BPOS).
-
Google Debuts OAuth 2.0 Support for Google APIs
Today Google announced experimental support for OAuth 2.0 with bearer tokens. In addition, as a side announcement they've launched a new consent page for OAuth 2.0 designed with cleanliness and simplicity in mind.
-
A Proposal for an HTTP Digital Signature Protocol and API
Bill Burke, JBoss's Chief Architect and REST Easy Project Lead, published last week a proposal for a Digital Signature Protocol over HTTP. "DSig" is rapidly gaining popularity, more than 10 years after it was designed, due to the emergence of composite applications and the need to establish trusted relationships between their clients and services.