PKCE: What can(not) be protected
Admin January 25, 2017
OAuth, OpenID Connect, Single Sign-On
This post is about PKCE [RFC7636], a protection mechanism for OAuth and OpenID Connect designed for public clients to detect the aut...

Admin November 16, 2015
BrowserID, Facebook Connect, Microsoft Account, OpenID, OpenID Connect, SAML, Single Sign-On, WS-Attacker, XML
EsPReSSO - A good morning starts with coffee! In this post I describe the tool I wrote for my Bachelor thesis at the Chair for Network and...

Attacking OpenID Connect 1.0 - Malicious Endpoints Attack
Admin October 05, 2015
OpenID Connect, Security, Single Sign-On
In this post we show a novel attack on OpenID Connect 1.0, which compromises the security of the entire protocol - the Malicious Endpoints ...