No video
What is OAuth with PKCE and How Does it Work? | Way of the Future
Рет қаралды 4,405
Күн бұрын
@senk0than 3 жыл бұрын
what an amazing content...Thanks much Abhay
@AppSecEngineer 3 жыл бұрын
Glad you liked it!
@SudhanshuSrivastavaIndia Жыл бұрын
Is it good practice to get PKCE as part of configuration injection from an app to a Login Framework which has OAuth 2.0?
@guesswho2306 2 жыл бұрын
Good explanation! Liked it! I have QQ - at 5:08 where we are sending encrypted string with type of hashing s256 so anyone easily can decrypt that request
@AppSecEngineer 2 жыл бұрын
Thanks for your question. Just to clarify. This is not an encrypted string. Its a secure random value that is subsequently subjected to a SHA256 hash. So there's no question of decryption. And attempting to crack/collide this hash is nearly impossible because of the nature of the underlying random value. In addition to all these constraints, remember that this value is a one-time use value only. Its never used subssequently, and is transmitted over HTTPS, so these risks are quite mitigated. I hope we've clarified.
@guesswho2306 2 жыл бұрын
Got it. Thanks again!
@sanofamotivation 6 ай бұрын
Could you please create vedio on other grant types aswell
@AppSecEngineer 6 ай бұрын
Hey, we'll surely do that.
OWASP Foundation
Рет қаралды 13 М.