Mobile Development Gains in Databases and Authentication https://bit.ly/3bxogWm @bcamerongain @alexwilliams @IanPWard @aaronpk @rdegges @okta #Sponsored #mobile #database #Authentication
#authentication
-
Great article by @aaronpk on why you should never roll your own authentication.
https://aaronparecki.com/2020/05/31/30/the-real-cause-of-the-sign-in-with-apple-zero-day
#cybersecurity #datasecurity #privacy #authentication #consumerdataright #openbanking -
samuelgoto/sms-receiver: phone number verification
An interesting proposal to allow websites to detect certain SMS messages. The UX implications are fascinating.
-
PodPass: Proposal for an Open Protocol to Enable Direct Listener Relationships – RadioPublic (about.radiopublic.com)
-
Using Hardware Token-based 2FA with the WebAuthn API – Mozilla Hacks – the Web developer blog (hacks.mozilla.org)"As a credential is cryptographically tied to the web site that requested it, this step would fail if the origins don’t match. This prevents reuse of credentials generated for other websites."
-
So you implemented an OAuth 2.0 API...
While OAuth 2.0 is a good framework for building an API, the spec itself leaves many things un-specified, and it's up to the implementer to make a decision based on their own security requirements. As such, most OAuth 2.0 implementations are not interoperable, which is often cited as a failure of OAuth 2.0. On the other hand, the current state of OAuth 2.0 implementations is that they are often similar enough that developers don't need to learn too many new concepts when dealing with them.continue reading... -
OAuth 2.0 and Sign-In (www.cloudidentity.com)
OAuth 2.0 is not a sign-in protocol. Sign-in can be implemented by augmenting OAuth, and people routinely do so...
-
Password-less Logins from Your Own Domain with a Pebble Watch
IndieAuth is a way to use your own domain name to sign in to websites. To sign in, you enter your domain name, and IndieAuth looks for a supported authentication provider on your site and uses that to sign you in.continue reading... -
OAuth 2 Simplified
This post describes OAuth 2 in a simplified format to help developers and service providers implement the protocol.continue reading... -
Introducing IndieAuth
IndieAuth is a service that implements RelMeAuth, originally proposed by Tantek Çelik in February 2010. The original algorithm was described in a short text update on Tantek's website. Later that evening, Jeff Lindsay and Paul Tarjan implemented RelMeAuth in an open source Python library at Hacker Dojo and discussed/tested it in IRC. Tantek later launched a RelMeAuth prototype on his domain, which you can try out at tantek.com/relmeauth.continue reading...
