#OAuth
10 articles
Three Uses of a Public Key: Signing, Encryption, and Key Exchange
A public key has just three uses: signing, encryption, and key exchange. This article sorts real-world applications such as SSH public-key auth, WebAuthn, mTLS, private_key_jwt, code signing, and container signing into these three, and clarifies how they differ from shared-key schemes such as HMAC, with primary sources.
Everything About Digital Identity: Knowledge for Realizing a Secure and User-Centric Identity System
Introduction to Digital Identity: Essential Authentication, Authorization, and ID Management for Web Services
OAuth 2.0 Explained: Complete Guide to Flows, Tokens, and Implementation
Summary based on RFC 6749 (OAuth 2.0 Authorization Framework) and RFC 6750 (Bearer Token Usage).
A Comprehensive Introduction to OAuth: Principles and Practices for Implementing a Secure Authorization System
A Book to Understand Attacks and Countermeasures on OAuth and OIDC (Redirect Attack Edition)
A Tutorial Guide to Understanding OAuth2.0 Without Just Going Through the Motions!
Resources for Catching Up on OAuth2 and OIDC
Explore OAuth2, OIDC, JWT, and authentication standards through comprehensive specifications, books, and implementation guides.
A Book to Understand the Differences Between OAuth, OAuth Authentication, and OpenID Connect
Basics of Authentication and Authorization
Learn authentication and authorization fundamentals: identification, RBAC, ABAC, credential types, SSO, SAML 2.0, OAuth 2.0, and OpenID Connect with practical context.