March '22 - Step-up authentication, UK Open Banking, and an ROPC update
A deep dive into some advanced OAuth and OpenID Connect topics.
Step-up authentication
Top billing goes to my piece on implementing step-up authentication using the building blocks already provided by OAuth and OpenID Connect. It also covers an emerging standard that lets APIs trigger step-up authentication using the WWW-Authenticate header.
Step-up authentication with OAuth and OpenID Connect
UK Open Banking
Next up is an article on the OAuth side of the UK’s Open Banking standard. If you understand OAuth and you’re looking to learn the many acronyms of Open Banking, then this is the article for you.
Open Banking for OAuth Developers
Updates
I’ve also updated my old ROPC article, adding up-to-date arguments, softening the tone, and improving the structure. I’ve turned comments back on for this article, but we’ll see how that goes…
Don't use the OAuth password grant type
Ukraine
Last month I decided to block traffic from Russia & Belarus, asking that the reader instead consider protesting the invasion of Ukraine. Around 50 people per day see this request.