CODEBITS VI: OAuth 2.0: theory and practice

This session has two goals. First, it aims to present a brief overview of the OAuth 2.0 Authorization Framework, introducing its core concepts: protocol flows, authorization grant types and token types.

Second, it provides concrete advice on how to use this framework securely, both as an API provider (i.e. Resource Server) and as an API consumer (i.e. Client), namely: confidential clients vs. public clients, token formats and lifetimes, usage in native mobile applications, common threats and adequate countermeasures, security limitations and available code libraries.