GitHub15 天
oauth-provider
The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider over night. Broad support for related RFCs. Written ...
Millions of airline customers possibly affected by OAuth security flaw
By abusing the flaw, they would be able to book hotel rooms, rent cars, and modify any booking information, easily. To make ...
GitHub13 天
oauth-providers.md
Opengist can be configured to use OAuth to authenticate users, with GitHub, Gitea, or OpenID Connect.
Microsoft19 天
What is OAuth?
The difference is that while OAuth is used for authorization to access resources, OIDC is used for authentication of a person’s identity. Both have a role to play in enabling two unrelated apps to ...
Google OAuth flaw leaves many users vulnerable via failed startup domains
Millions of people can potentially have their data stolen because of a deficiency in Google’s “Sign in with Google” ...
Employees of failed startups are at special risk of stolen personal data through old Google ...
As if losing your job when the startup you work for collapses isn’t bad enough, now a security researcher has found that ...
The Hacker News3 天
OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking
API vulnerability in airline-linked travel service exposed millions to account takeovers, booking fraud, and data theft ...
The Hacker News18 天
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
Downstream software providers can also protect against the vulnerability in Google's OAuth implementation by using the sub field within their application as the unique-identifier key for the user. "We ...
TechCrunch12 天
Employees of failed startups are at special risk of stolen personal data through old Google ...
Google actually does have tech in its OAuth configuration that should prevent the risks outlined by Ayrey, if the SaaS cloud provider uses it. It’s called a “sub-identifier,” which is a ...