Security Boulevard

OAuth Authorization Server Setup: Implementation Guide & Configuration

Learn how to build and configure an enterprise-grade OAuth authorization server. Covering PKCE, grant types, and CIAM best ...

ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
InfoQ

Spring Authorization Server 1.0 Provides Oauth 2.1 and OpenID Connect 1.0 Implementations

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
ZDNet

Google updates OAuth incremental authorization

Google has simplified the OAuth authorization process for users who give a third-party app access to Google apps such as Docs and Drive. The update, though minor, makes it possible for users to ...
Dark Reading

'Log in with...' Feature Allows Full Online Account Takeover for Millions

Flaws in the implementation of the Open Authorization (OAuth) standard across three prominent online services could have allowed attackers to take over hundreds of millions of user accounts on dozens ...
Dark Reading

OAuth Abuse: The Threat of Illicit Consent Grants

Picture this: You invite a new friend over with the expectation of enjoying some time together and getting to know them better. But, instead of sitting quietly on your sofa, they rush off and start ...
CSOonline

How to defend against OAuth-enabled cloud-based attacks

Recently Malwarebytes reported that the SolarWinds hackers accessed its internal emails using the same intrusion vector they used in other attacks. The vector appears to abuse applications with ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...