Keith Casey, an API Problem Solver at Okta, covers the basics of OAuth 2.0 and OpenID Connect to help you build applications that are secure, reliable, and protect your systems and data the way you expect.
In the last few years, I’ve worked with dozens of companies to understand their needs, goals, and design on how they’ll use OAuth within their systems. Throughout those projects, I’ve found good news and bad news.
The good news is the tools and supporting libraries are steadily getting better, both in terms of ongoing support and security overall. As a result, mistakes that were common just a few years ago are steadily disappearing. This is a major win because if we start with better, more secure tools, we’ll build more secure software by default.
The bad news is there are still too many easy ways to build systems that look secure and seem secure but leak user information, application data, or inadvertently encourage bad security practices in downstream applications.
Therefore, let’s talk about some of those common mistakes and how we can improve security from day one. […]