On Thursday, August 8th, from 22:00, we will be hosting a YouTube Live broadcast with @ritou, also known as Akita's cat, titled "Is that QR code safe? Threats and countermeasures lurking in cross-device authentication and authorization flows." Logging in with QR codes is becoming more and more common. But is that...
Category: OAuth
I heard a powerful phrase: "Why do we need an access token? Can't we just store the password?" So I'll explain it here.
One of the readers of the ID book said, "Why do we need an access token? Can't we just save the password?" That's right, now that I think about it, I didn't explain such a basic thing. So, I'll add it if I have a chance to revise it, but for now I'll put it on my blog.
Summary of Authlete's features for OAuth / OIDC profiling
As many of you may know, I am also an outside director of Authlete. Despite this, I have not been able to keep up with the latest developments, so I decided to learn from the video of Mr. Morikawa's seminar that was held the other day. For the past few weeks, the FAPI WG has been discussing the rotation of refresh tokens...
ChatGPT explains ID and access tokens in the style of the King James Bible
I've been having fun trying out various explanations in the community, but one of the most interesting ones I've had is by Sara Cecchetti, head of Cognito at AWS. Write a biblical parable in the style of the King James Bible explainin...
[2020-09-17] Appeared on Citi Talks on Payments
I appeared on Citi's YouTube channel. It was an interview about OpenID, FAPI, etc.
Open Banking Conformance & Certification Workshop
This is yet another very late announcement, but today, April 4th, at 27pm Japan time, the UK Open Banking Implementation Entity and the OpenID Foundation will be co-hosting the "Open Banking Conformance & Certification" event...
Speaking at APIDays London (11/13)
This is the latest announcement, but I will be appearing at APIDays London on the 13th at 11:10am local time. The APIDays London website is here: https://www.apidays.co/london The topic will be “FAPI update…
The only time you should use the password grant: A 2-minute lesson on OAuth
In the previous video, I explained that the OAuth Resource Owner Password Credentials Grant should not be used except for backward compatibility. Then, I received a question saying, "Isn't it strange that we should not use it because it is written in RFC6749?" So, in response to that...
When should you use OAuth password grant? [2-minute OAuth tutorial]
OAuth has something called "Resource Owner Password Credentials (ROPC) Grant." In fact, some banks use this, and developers who see it sometimes ask me, "Can we use this too?" This YouTube…
[2 Minute OAuth] The Secret of the Authorization Code
This time, we talked about a characteristic of authorization codes that is not often discussed.