←back to thread

An illustrated guide to OAuth

(www.ducktyped.org)
354 points egonschiele | 5 comments | 25 Aug 25 12:29 UTC | HN request time: 0.216s | source
Show context
fcpguru ◴[25 Aug 25 13:20 UTC] No.45013560[source]
where is the "session fixation" / token hijacking attack graphic? The history of 1.0 and the rush to put out OAuth 1.0a I will always remember. The year was 2008 and us yammer engineers implemented this new best practice auth system. It went live. And then suddenly a few days later someone in the office proved how the hijack was possible.
replies(1): >>45014867 #
1. 7bit ◴[25 Aug 25 15:23 UTC] No.45014867[source]
Why is that relevant. We are at OAuth 2.0. who cares about what's been 17 years ago?
replies(2): >>45015389 #>>45021888 #
2. brabel ◴[25 Aug 25 16:08 UTC] No.45015389[source]
2.1 is just around the corner.
replies(1): >>45015932 #
3. ted_dunning ◴[25 Aug 25 16:54 UTC] No.45015932[source]
And 2008 is still 17 years ago.
replies(1): >>45017851 #
4. brabel ◴[25 Aug 25 19:23 UTC] No.45017851{3}[source]
What??
5. fcpguru ◴[26 Aug 25 03:14 UTC] No.45021888[source]
i guess it's not. just past trama. I had to talked about it. Better now.