File:20151215-Top X OAuth 2 Hacks-asanso.pdf

The Web Authorization (OAuth) protocol allows a user to grant a third-party Web site or application access to the user's protected resources, without necessarily revealing their long-term credentials, or even their identity. As the web grows, more and more sites rely on distributed services and cloud computing, or on third-party applications that use APIs from multiple services. OAuth 2 is widely used by major internet players (such as Google, Facebook, Twitter) to secure their APIs, including REST APIs. This talk will introduce the OAuth 2 framework and show security pitfalls and common implementation mistakes.