Dark Reading

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps

A vulnerability in the implementation of the Open Authorization (OAuth) standard that websites and applications use to connect to Facebook, Google, Apple, Twitter, and more could allow attackers to ...
CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
techtimes

From OAuth to JWT: Nikhil Chandrashekar's Comprehensive Guide to Secure Authentication

In today's interconnected digital world, secure authentication is paramount, forming the backbone of reliable and safe digital applications. As one of the industry's most seasoned experts and leaders, ...
Ars Technica

Compromising Twitter’s OAuth security system

Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth ...
The Next Web

Threadsy is first web based Email client to implement Gmail OAuth. No passwords needed! [Updated]

Update: This article originally stated that Threadsy was the first web app to implement Gmail OAuth which was incorrect. That title goes to Etacts. Thready was the first web based email client to ...
Computer Weekly

Salt Labs identifies OAuth security flaw within Booking.com

Critical security flaws in Booking.com’s implementation of Open Authorization (OAuth) could have enabled attackers to launch large-scale account takeovers, putting millions of people’s sensitive ...
TechRepublic

A How-to Guide to OAuth & API Security

This informative whitepaper describes what OAuth is and how it fits into a complete API security solution. Read now to understand the complexity of implementing OAuth, and how you can make an OAuth ...