Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover. Third-party applications that allow single sign-on via Facebook ...

Three researchers from the Chinese University of Hong Kong discovered a flaw in how app developers and identity providers support Single-Sign-On (SSO) via the OAuth 2.0 protocol, a flaw that allows an ...

Organizations can now use Descope as a dedicated auth and access control layer for AI agents and MCP servers with ephemeral ...

Application-based attacks that use the passwordless “log in with…” feature common to cloud services are on the rise. Against the backdrop of widespread remote working and the increased use of ...

Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations. These attacks can lead to the bypassing of phishing detection ...

Since the beginning of distributed personal computer networks, one of the toughest computer security nuts to crack has been to provide a seamless, single sign-on (SSO) access experience among multiple ...

Learn how to design secure OAuth scopes and consent flows for enterprise applications. A complete guide for CTOs on API ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Microsoft has been rushing out new Microsoft Teams features to help 75 million people each day teleworking during the coronavirus pandemic. But one part of the Microsoft Teams portfolio that hasn't ...