From the course: Web Security: OAuth and OpenID Connect (2019)

Security considerations

- [Instructor] Now as we explore the security trade-offs of implicit grant type, there are two things to remember. First, the implicit flow wasn't deprecated because it's fundamentally insecure. In fact, most of the risks are addressed by good practices. Unfortunately, most of us get sloppy at some point, so I recommend not using it. Second, although you're unlikely to build it fresh and new, you are likely to see it, debug it, and even have to maintain it within your applications. Therefore, I cover the security trade-offs here, not to encourage you to use it, but so that when you do fight it, you can make sure you're using it correctly. With that, let's walk through the security implications. Remember, we're often passing around both authentication and authorization information. We have to protect it in transit. Therefore, we should only send and receive over HTTPS using SSL or TLS. Next, you must validate the access…
