←back to thread

An illustrated guide to OAuth

(www.ducktyped.org)
354 points egonschiele | 2 comments | 25 Aug 25 12:29 UTC | HN request time: 0s | source
Show context
fcpguru ◴[25 Aug 25 13:20 UTC] No.45013560[source]
where is the "session fixation" / token hijacking attack graphic? The history of 1.0 and the rush to put out OAuth 1.0a I will always remember. The year was 2008 and us yammer engineers implemented this new best practice auth system. It went live. And then suddenly a few days later someone in the office proved how the hijack was possible.
replies(1): >>45014867 #
7bit ◴[25 Aug 25 15:23 UTC] No.45014867[source]
Why is that relevant. We are at OAuth 2.0. who cares about what's been 17 years ago?
replies(2): >>45015389 #>>45021888 #
brabel ◴[25 Aug 25 16:08 UTC] No.45015389[source]
2.1 is just around the corner.
replies(1): >>45015932 #
1. ted_dunning ◴[25 Aug 25 16:54 UTC] No.45015932[source]
And 2008 is still 17 years ago.
replies(1): >>45017851 #
2. brabel ◴[25 Aug 25 19:23 UTC] No.45017851[source]
What??