
    How is the authentication carried out on an OAuth 2.0 authorization server?

    A Twitter client needs access to the account so that it can read and publish posts. However, you do not want to give the client your own password and perhaps even a second factor, such as a hardware token. That would give it general authority over the account, and it could take over or delete the account entirely.

    OAuth For Fine-Grained And Controlled Access

    The client does not use the user’s password, but a secret token that is issued only to that client. The user controls which rights the client receives and which it does not. For example, the user can specify that the client may create and manage posts but cannot edit account settings. The user can also withdraw these rights from the client at any time, without changing the password, by invalidating the token. The open authorization standard allows private data from games, apps and social networks to be shared securely with other online services.

    You can control which internal apps are allowed to access confidential data by using OAuth 2.0 for app access control. With modern, more secure apps, access is determined using OAuth 2.0 scopes and can be restricted for the respective API. This means that access to restricted user data for most services, such as Gmail and Google Contacts, can be managed with app access control.

    Authorization Problems

    Once authentication on the OAuth 2.0 authorization server has established in the name of which user a resource is accessed, the resource server carries out the authorization. It checks whether this user is authorized to use the resource in the requested manner. To be able to answer this, the server needs information. OAuth2 is a powerful standard within which authentication and authorization can be implemented in microservices. It offers an equally powerful implementation, which can be used in a microservice landscape with manageable effort. By using an API gateway, OAuth2 can also be hidden from external access as an attack surface and mapped to simpler authentication methods.
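
The scoped token, its revocation and the resource server's check described in the sections above, as an added example that is not code from the original article: an in-memory authorization server issues a token to one client, and the resource server decides each request from that token. The scope names, routes, class and function names are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Hypothetical scope names and route table, constructed for this example.
ROUTE_SCOPES = {
    ("GET", "/posts"): "posts:read",
    ("POST", "/posts"): "posts:write",
    ("PUT", "/account/settings"): "account:write",
}


def _digest(token):
    # Store only a hash so a leaked grant table does not leak usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class AuthorizationServer:
    def __init__(self):
        self._grants = {}  # token digest -> grant record

    def issue(self, user, client_id, scopes, ttl=3600):
        # A random token issued to one client, limited to the scopes the user chose.
        token = secrets.token_urlsafe(32)
        self._grants[_digest(token)] = {
            "user": user, "client_id": client_id,
            "scopes": frozenset(scopes), "expires": time.time() + ttl,
        }
        return token

    def revoke(self, token):
        # The user withdraws the client's rights; the password is untouched.
        self._grants.pop(_digest(token), None)

    def introspect(self, token):
        # Return the grant only while the token is known and not expired.
        grant = self._grants.get(_digest(token))
        return grant if grant and grant["expires"] > time.time() else None


def authorize(auth_server, method, path, token):
    """Resource-server decision: returns (HTTP status, user or None)."""
    grant = auth_server.introspect(token)
    if grant is None:
        return 401, None  # unknown, expired or revoked token
    required = ROUTE_SCOPES.get((method, path))
    if required is None or required not in grant["scopes"]:
        return 403, None  # deny by default: route unmapped or scope not granted
    return 200, grant["user"]
```

The resource server never sees a password: the only information it needs to answer the authorization question is the grant record behind the token.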
