Posts

Showing posts from October, 2018

OAuth 2.0 with GitHub

OAuth 2.0 Demo Application with GitHub APIs. What is the OAuth 2.0 Authorization Framework? Today I will be discussing the OAuth 2.0 Framework and how to implement it in a web application, along with a demonstration. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. In the traditional client-server authentication model, the client requests a protected resource on the server by authenticating with the server using the resource owner's credentials. In order to give third-party applications access to protected resources, the resource owner shares its credentials with the third party. This creates several problems and limitations, as shown below: ...

Preventing Cross Site Request Forgery Using Double Submit Cookie Pattern

What is Cross Site Request Forgery? Previously we discussed what CSRF is, what the potential objectives of a CSRF attack are, and an example of a possible CSRF attack. I also shared some information about the project I implemented to demonstrate the Synchronized Token Pattern. To read more, please visit my previous blog post here: https://kmbloggerz.blogspot.com/2018/10/preventing-cross-site-request-forgery.html In this blog post, I will be discussing the second pattern for preventing CSRF attacks, which is the Double Submit Cookie Pattern. Double Submit Cookie Pattern: this is defined as sending a random value both in a cookie and as a request parameter, with the server verifying that the cookie value and the request value are equal. When a user authenticates to a site, the site should generate a cryptographically strong value and set it as a cookie on the user's browser, separate from the session id. The site does not need to save the session id. Then th...