OAuth is not Authentication - 2 min. OAuth #9
On Sept. 28, 2018, many news outlets like the New York Times (https://www.nytimes.com/2018/0....9/28/technology/face) wrote about the leak of 50M users' data from Facebook [1]. The exact details are not known, but discussions in the Twitter-sphere point to one possible cause: using an access token as an authentication token to impersonate a user.
In episode #9, I will explain the problem with these "impersonation semantics" and why you should not use "stock OAuth" for user authentication.
It took much more than 2 minutes - took 5 minutes instead, but I hope that is OK. Accordingly, for this episode only, the title says "5 min".
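An added example, not taken from the video or written by its author, and not a reconstruction of the Facebook incident: a constructed in-memory model of why a bare access token is weak proof of login, next to an audience-checked login in the style of an OpenID Connect ID token. `AuthServer`, `naive_login`, `oidc_login`, the issuer URL and the client ids are all hypothetical, and the ID token's signature is assumed to have been verified before its claims reach `oidc_login`.

```python
import secrets
import time

ISSUER = "https://as.example"  # hypothetical issuer

class AuthServer:
    """Constructed in-memory authorization server (not a real product)."""
    def __init__(self):
        self._grants = {}  # opaque access token -> user who granted access

    def issue(self, user, client_id):
        """Return (access_token, id_token_claims) for a user authorizing one client."""
        access_token = secrets.token_urlsafe(16)
        self._grants[access_token] = user
        # ID token claims: "aud" records which client this login was performed for.
        claims = {"iss": ISSUER, "sub": user, "aud": client_id, "exp": time.time() + 300}
        return access_token, claims

    def userinfo(self, access_token):
        """Resource endpoint: answers for any valid token, whoever presents it."""
        user = self._grants.get(access_token)
        return {"sub": user} if user else None

def naive_login(server, access_token):
    """Weak: treats 'this token fetches alice's profile' as 'the caller is alice'."""
    info = server.userinfo(access_token)
    return info["sub"] if info else None

def oidc_login(claims, my_client_id, now=None):
    """Hardened: accept only claims from our issuer, for our client, not expired."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != ISSUER or my_client_id not in audiences:
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")

def demo():
    server = AuthServer()
    # Constructed scenario: alice authorized "other-app", never "my-app".
    token, claims = server.issue("alice", "other-app")
    own_claims = server.issue("alice", "my-app")[1]
    return {
        "naive_with_foreign_token": naive_login(server, token),
        "oidc_with_foreign_claims": oidc_login(claims, "my-app"),
        "oidc_with_own_claims": oidc_login(own_claims, "my-app"),
    }
```

`demo()` shows the naive handler logging in alice on a token that was issued to a different client, while the audience check rejects claims minted for that other client and accepts only those minted for `my-app`.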
Subscribe to the channel to get (hopefully) weekly video updates on "2 Minutes OAuth" and more.
Please translate this video for your language by going to http://www.youtube.com/timedtext_video?ref=share&v=iGFy1xHGGx4
Nat's Official Site: https://nat.sakimura.org/
Twitter: https://twitter.com/_nat_en
OpenID Foundation: https://openid.net/
Pulp Fiction inspired drawing of me and @ve7jtb by @NishantK.
Music: www.bensound.com
Filmed in Thon Hotel Opera, Oslo.