“OAuth 2.1” and beyond presented at NDCSecurity 2020

by Dominick Baier

Summary: OAuth 2.0 was released in 2012 and is now a bit dated for some of today’s security requirements. The deprecation of some of the old flows and the addition of newer specs will form the new baseline for OAuth going forward - currently code-named “OAuth 2.1”. This talk will give you an overview of the more modern and advanced OAuth-related techniques around strong client authentication, proof-of-possession access tokens, resource indicators, identity delegation and hardening authorization requests using JWTs (JAR) and pushed parameters (PAR).