What's OAuth2, anyway?


Why the OAuth2 protocol was designed the way it is and how it works.

We could try building Git hosting functionality directly into the platform, but that’s a huge piece of work, while our primary business goal is resource management, autoscaling, load balancing, etc.

This is a simple GET request, so the sensitive access token is part of the URL and can potentially be intercepted by other browser extensions, malicious scripts injected via XSS attacks, etc.

If your client application cannot open a browser with the resource owner session or is limited in terms of input capabilities, and your users don’t really trust it, then go with the device code flow.
