OAuth is the standard protocol for securing APIs and user authentication (when you layer OpenID Connect on top). But OAuth is not just a single protocol – it’s a family of specifications – and new ones get added as we speak.

This talk looks at the latest revision of OAuth, called OAuth 2.1, and picks out a couple of useful additional specifications that help you improve the security of your token-based systems. Expect information on key rotation, the JWT profile, resource indicators, JAR & PAR and proof-of-possession access tokens.

OAuth in 2021 – What’s up?