An illustrated guide to OAuth

(www.ducktyped.org)
354 points egonschiele | 6 comments
1. fcpguru ◴[] No.45013560[source]
Where is the "session fixation" / token hijacking attack graphic? The history of 1.0 and the rush to put out OAuth 1.0a I will always remember. The year was 2008 and us Yammer engineers implemented this new best practice auth system. It went live. And then suddenly a few days later someone in the office proved how the hijack was possible.
replies(1): >>45014867 #
2. 7bit ◴[] No.45014867[source]
Why is that relevant? We are at OAuth 2.0. Who cares about what was 17 years ago?
replies(2): >>45015389 #>>45021888 #
3. brabel ◴[] No.45015389[source]
2.1 is just around the corner.
replies(1): >>45015932 #
4. ted_dunning ◴[] No.45015932{3}[source]
And 2008 is still 17 years ago.
replies(1): >>45017851 #
5. brabel ◴[] No.45017851{4}[source]
What??
6. fcpguru ◴[] No.45021888[source]
I guess it's not. Just past trauma. I had to talk about it. Better now.