Discussion:
[OAUTH-WG] Some recent FUD about OAuth
Antonio Sanso
2016-04-11 07:04:34 UTC
Just sharing, do not shoot the messenger :)

http://insanecoding.blogspot.com/2016/04/oauth-why-it-doesnt-work-and-how-to-zero-day-attack.html

and companion website:

http://no-oauth.insanecoding.org/

regards

antonio
Hans Zandbelt
2016-04-11 07:26:34 UTC
"JWT is a specification for allowing SSO or API usage between services.
In many ways JWT is like SAML"

makes me stop trying to parse/understand the rest of it

Hans.
Post by Antonio Sanso
Just sharing, do not shoot the messenger :)
http://insanecoding.blogspot.com/2016/04/oauth-why-it-doesnt-work-and-how-to-zero-day-attack.html
http://no-oauth.insanecoding.org/
regards
antonio
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
--
Hans Zandbelt | Sr. Technical Architect
***@pingidentity.com | Ping Identity
Antonio Sanso
2016-04-11 07:37:03 UTC
hi Hans,

indeed I found this article technically inaccurate and it annoyed me quite a bit…

regards

antonio
"JWT is a specification for allowing SSO or API usage between services. In many ways JWT is like SAML"
makes me stop trying to parse/understand the rest of it
Hans.
Post by Antonio Sanso
Just sharing, do not shoot the messenger :)
http://insanecoding.blogspot.com/2016/04/oauth-why-it-doesnt-work-and-how-to-zero-day-attack.html
http://no-oauth.insanecoding.org/
regards
antonio
--
Hans Zandbelt | Sr. Technical Architect
Hannes Tschofenig
2016-04-11 19:12:21 UTC
Antonio,

you should recommend him/her your new OAuth book! This may help to get
some of the misconceptions about OAuth clarified!

Ciao
Hannes
Post by Antonio Sanso
Just sharing, do not shoot the messenger :)
http://insanecoding.blogspot.com/2016/04/oauth-why-it-doesnt-work-and-how-to-zero-day-attack.html
http://no-oauth.insanecoding.org/
regards
antonio