My thoughts on how to make upgrading scary low level packages less scary
https://www.reddit.com/r/ruby/comments/1kohsg8/oauth2_v2010_released/
Gatehouse-TS – TypeScript port of Rust's authorization policy framework
An Introduction to MCP and Authorization | Auth0.
https://auth0.com/blog/an-introduction-to-mcp-and-authorization/
The #Royaume-Uni #UK is imposing an entry tax on #Européens, an #ETA #Electronic #Travel #Authorization, or #Autorisation #Electronique de #Voyage
That would deserve a little #Liberation #Day and some #taxes #réciproques for #citoyens #britanniques.. (sorry guys..)
Gatehouse – a composable, async-friendly authorization policy framework in Rust
Very stoked to announce that I will be speaking at #OWASP #Snowfroc this Friday at 11:00 in the Great Hall. The talk is entitled "Patterns of failure in modern #authorization" and it's mostly about why #authz is getting harder (instead of easier). I'll be citing some academic research but also looking at some interesting examples of authz failure at some fairly large, well-known brands. Hope to see you there!
p.s. I've never been to #Denver so looking forward to checking the city out a bit too. If you have suggestions for things to do (read: eat), let me know!
@GossiTheDog the sheer fact that #MSPs & #CSPs can access clients' setups without proper #authorization [including #KYC / #KYB, #AuthCode|s and proper authorization via contract] is already sickening.
Such fundamental #ITsec fuckups are reasons alone not to use #Azure or any #Microsoft products & services at all...
Device Code Phishing
This isn’t new, but it’s increasingly popular:
The technique is known as devic... https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html
#Development #Explainers
What’s OAuth2 anyway? · How the most popular authorization framework works https://ilo.im/1623dq
_____
#Authorization #Authentication #Credentials #OAuth #OAuth2 #ClientServer #Security #WebDev #Frontend #Backend
A big source of confusion & security issues & tech debt comes from devs not understanding the difference between #Authorization and #Authentication.
Amplified by libraries bodging them together. Or naming it "auth".
But worse is when official protocols start mixing them up:
> Authorization Server – the place where, in a pure OAuth 2.0 authorization flow, end-users authorize third-party applications to act on their behalf; or, in an OpenID Connect flow, where end-users authenticate.
New Microsoft docs: Configure JWT bearer authentication in ASP.NET Core
https://learn.microsoft.com/aspnet/core/security/authentication/configure-jwt-bearer-authentication
#jwt #aspnetcore #dotnet #oidc #bearer #authorization #access #security
Thanks Mike Kistler Rick Anderson Stephen Halter
Blogged: ASP.NET Core user application access token management
https://damienbod.com/2025/01/20/asp-net-core-user-application-access-token-management/