A Lap Around the OAuth2 Security BCP with Daniel Fett
Episode 4 | 34:10 min | 10.24.2020
This is a podcast episode titled "A Lap Around the OAuth2 Security BCP with Daniel Fett". Episode summary: On the fourth episode of Identity, Unlocked, host Vittorio Bertocci, principal architect at Auth0, is joined by Daniel Fett, a security specialist at yes.com. Daniel received his PhD from the University of Stuttgart for research on the formal analysis of web protocols. Daniel joins the podcast today to talk about the OAuth 2.0 Security Best Current Practice (BCP) document.
Like this episode? Be sure to leave a five-star review and share Identity, Unlocked with your community! You can connect with Vittorio on Twitter at @vibronet, Daniel at @dfett42, or Auth0 at @auth0.
Takeaway 1 | 01:03 MIN
What is a BCP document and how is it different from the core specification?
Takeaway 2 | 00:50 MIN
What are the top-three most impactful recommendations in the BCP?
Takeaway 3 | 01:04 MIN
What are the problems with implicit grant?
Takeaway 4 | 01:46 MIN
Using the authorization code grant together with PKCE.
Takeaway 5 | 01:12 MIN
What are the BCP recommendations around sender constraint?