From the course: Web Security: OAuth and OpenID Connect
Security considerations - OAuth Tutorial
Security considerations
- [Instructor] Let's dive into the security considerations around the resource owner password flow, because honestly, there are a lot. Just like the other OAuth flows, the same rules apply. You need to make sure your communications are secured with something like TLS. Further, since this flow uses the client's secret, you need to make sure it's protected in some backend or private component. You also need to protect the access token and make sure you use and store it safely. And of course, you've probably validated your token by now too, right? But the actual security issue is much bigger than any of those, and it's unique to this flow. In all the other OAuth flows, the application sent the user to the authorization server or identity provider to authenticate and authorize the application. Instead, this one captures the user's credentials in the application itself and sends them to the server on the user's behalf behind the…