In this section we will discuss a few security-related implications that we have faced so far.
- Access token storage
- OAuth2 Threat Model and Security Considerations (2013)
- OAuth 2.0 Security Best Current Practice
  - 2.1.1 - Authorization Code Grant
  - 4 - Attacks and mitigations
- OAuth 2.0 for Browser-Based Apps
- Good practice: Protocols (and frameworks) do not guarantee security, developers do
- Good practice: For Microsoft frameworks, use MSAL (v2) - not ADAL (v1 is deprecated)
- Good practice: Practice continuous threat modeling. Visit appsec.equinor.com for more information. ⚡️
- From your current perspective, what are your thoughts on risks related to implementing AuthN & AuthZ?