A Lap Around the OAuth2 Security BCP with Daniel Fett

Episode 4  |  34:10 min  |  10.24.2020

On the fourth episode of Identity, Unlocked, host Vittorio Bertocci, principal architect at Auth0, is joined by Daniel Fett, a security specialist at yes.com. Daniel received his PhD from the University of Stuttgart for research on the formal analysis of web protocols. He joins the podcast to walk through the OAuth 2.0 Security Best Current Practice (BCP) document. Like this episode? Leave a five-star review and share Identity, Unlocked with your community. You can connect with Vittorio on Twitter at @vibronet, Daniel at @dfett42, and Auth0 at @auth0.
Takeaway 1 | 01:03 MIN
What is a BCP document and how is it different from the core specification?
Takeaway 2 | 00:50 MIN
What are the top-three most impactful recommendations in the BCP?
Takeaway 3 | 01:04 MIN
What are the problems with implicit grant?
Takeaway 4 | 01:46 MIN
Using the authorization code grant with PKCE.
Takeaway 5 | 01:12 MIN
What are the BCP recommendations around sender constraint?