Cyber security news for all


    How is the authentication carried out on an OAuth 2.0 authorization server?

    A Twitter client should have access to the account so that it can read and publish posts. However, you do not want to give the client your own password, and perhaps even a second factor such as a hardware token. That would give it general authority over the account, and it could take over or delete the account entirely.

    OAuth For Fine-Grained And Controlled Access

    The client does not use the user's password, but a secret token that is issued only for that client. The user controls which rights the client receives and which it does not. For example, the user can specify that the client may create and manage posts, but may not edit account settings. The user can also withdraw these rights from the client at any time, without changing the password, by invalidating the token. The open authorization standard allows private data from games, apps and social networks to be securely shared with other online services.

    You can control which internal apps are allowed to access confidential data by using OAuth 2.0 for app access control. With modern, more secure apps, access is determined by OAuth 2.0 scopes and can be restricted for the respective API. This covers access to restricted user data for most services, such as Gmail and Google Contacts.

    Authorization Problems

    Once authentication at the OAuth 2.0 authorization server has established on behalf of which user a resource is being accessed, the resource server carries out the authorization. It checks whether this user is authorized to use the resource in the requested manner. To be able to answer this, the server needs information. OAuth2 is a powerful standard within which authentication and authorization can be implemented in microservices. It offers an equally powerful implementation, which can be used in a microservice landscape with manageable effort. By using an API gateway, OAuth2 can also be hidden from external access as an attack surface and mapped to simpler authentication methods.
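
The token model and the resource server's check described above, as an added example that is not part of the original article. It is an in-memory sketch; the class, the scope names (`posts:read`, `posts:write`, `account:write`), the routes and the client id are assumptions chosen for illustration.

```python
import secrets
import time

class AuthorizationServer:
    """Issues opaque per-client tokens; the user's password is never shared."""
    def __init__(self):
        self._tokens = {}  # token -> grant record

    def issue(self, user, client_id, scopes, ttl=3600):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"user": user, "client": client_id,
                               "scopes": frozenset(scopes),
                               "exp": time.time() + ttl, "revoked": False}
        return token

    def revoke(self, token):
        # The user withdraws the client's rights; the password is untouched.
        if token in self._tokens:
            self._tokens[token]["revoked"] = True

    def lookup(self, token):
        """Return the grant if the token is active, else None."""
        grant = self._tokens.get(token)
        if grant is None or grant["revoked"] or grant["exp"] <= time.time():
            return None
        return grant

# Resource-server policy (hypothetical routes): scope required per operation.
REQUIRED_SCOPE = {
    ("GET", "/posts"): "posts:read",
    ("POST", "/posts"): "posts:write",
    ("PUT", "/account/settings"): "account:write",
}

def authorize(auth_server, token, method, path):
    """Resource-server decision: (HTTP status, user or None)."""
    grant = auth_server.lookup(token)
    if grant is None:
        return 401, None   # unknown, expired or revoked token
    needed = REQUIRED_SCOPE.get((method, path))
    if needed is None or needed not in grant["scopes"]:
        return 403, None   # default deny: unmapped route or missing scope
    return 200, grant["user"]
```

A token granted only the post scopes is answered with 403 on the account-settings route, and with 401 on every route once the user revokes it.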
