Tuesday, March 4, 2014

As you probably know, Microsoft released AAL (Windows Azure AD Authentication Library for .NET), which is a great API for interacting with WAAD and implementing the OAuth code flow. This API is extremely easy to use, yet it works only for single-threaded (STA) clients. This means that you can use it in a console application or Windows Store app but not in a browser. The scenario in which a client wants to call a web API in a SPA (Single Page Application) looks very interesting, so I searched for a JavaScript SDK for WAAD but I could not...
Is OAuth 2.0 Secure?

Tuesday, February 4, 2014

Whenever I introduce OAuth to my clients they ask, “Is it secure? We heard that …” There is no doubt that there is a lot of controversy about OAuth, yet there is also no doubt that OAuth 2.0 is the leading authorization standard / framework on the web today. Eran Hammer, one of OAuth's original creators, published lots of criticism of the final OAuth 2.0 specification, in which he claims that OAuth 2.0 is not a specification but a framework. In his view the spec is not specific enough and leaves too much room for variations in the implementations. He...
