Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Dark Reading

Security Flaw Found In OAuth 2.0 And OpenID; Third-Party Authentication At Risk

A security researcher has uncovered serious security vulnerabilities in the technologies used by many websites to authenticate users via third-party websites. A blog posted late last week revealed the ...
CSOonline

What is OAuth? How the open authorization framework works

Since the beginning of distributed personal computer networks, one of the toughest computer security nuts to crack has been to provide a seamless, single sign-on (SSO) access experience among multiple ...
Infosecurity-magazine.com

OAuth – authentication and authorization for mobile applications

Federation is a model of identity management that distributes the various individual components of an identity operation amongst different actors. The presumption being that the jobs can be ...
Ars Technica

Compromising Twitter’s OAuth security system

Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth ...