Yes! And that is *exactly* why I always advocate for pushing ... • Aaron Parecki

86°F

Barbara Schachner https://twitter.com/barschachner • May 31
Fully agree to that 😀

Just looking also at examples like https://insomniasec.com/blog/auth0-jwt-validation-bypass or https://threatpost.com/microsoft-oauth-flaw-azure-takeover/150737/.
o/c they are different + very individual, but if already the big players have such issues, how much more can go wrong on RS side where devs are usually not Auth experts.

Yes! And that is *exactly* why I always advocate for pushing the complexity to the authorization server and keeping the client side simple. Fewer options for clients means fewer ways to mess it up, and there will always be more client developers than AS developers.

Portland, Oregon • 54°F

Sun, May 31, 2020 6:43am -07:00

2 likes
Have you written a response to this? Let me know the URL:

Posted in /replies using indigenous.abode.pub/ios