The Case for OAuth 3.0

6 min readNov 26, 2019

It’s been about a year since I proposed that we should move past OAuth 2.0, and a lot has happened since then to tackle some of the issues that I raised. I helped lead the TxAuth session at IETF 106 in Singapore last week, and we had a number of side meetings and follow ons from that to discuss the implications. So far, we’re seeing two major approaches: extending OAuth 2.0, and building a new protocol from the ground up. I think there’s room for both in the world, for different reasons.

Written by Justin Richer

528 Followers

Justin Richer is a security architect and freelance consultant living in the Boston area. To get in touch, contact his company: https://bspk.io/

More from Justin Richer

Justin Richer

Signing HTTP Messages

There’s a new draft in the HTTP working group that deals with signing HTTP messages. Why is it here, and what does it give us?

7 min readMay 4, 2021

Justin Richer

What happened to MITREid Connect?

MITREid Connect was, at one time, one of the top open source implementations of OpenID Connect and OAuth 2.0. Written in Java and targeted…

5 min readMay 2

Justin Richer

Mobile Apps and OAuth’s Implicit Flow

I manage an open source implementation of OAuth 2.0 (along with OpenID Connect and a bunch of extensions) called MITREid Connect. As the…

8 min readJan 2, 2017

Justin Richer

Deployment and Hosting Patterns in OAuth

Back in 2006 (when OAuth started), if you wanted to run a server you would basically need to do everything with it on your own. These days…

9 min readJul 26, 2017

See all from Justin Richer

Recommended from Medium

Shawn Shi
in
Geek Culture

Single Sign-On (SSO) Simplified: Understanding How SSO Works in Plain English

(part 1) Discuss how single sign on works and how to implement a SSO server in your software ecosystem in plain English.

7 min readJan 23

Love Sharma
in
Dev Genius

System Design Blueprint: The Ultimate Guide

Developing a robust, scalable, and efficient system can be daunting. However, understanding the key concepts and components can make the…

9 min readApr 20

Lists

Staff Picks

329 stories83 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories107 saves

Productivity 101

20 stories116 saves

The PyCoach
in
Artificial Corner

You’re Using ChatGPT Wrong! Here’s How to Be Ahead of 99% of ChatGPT Users

Master ChatGPT by learning prompt engineering.

7 min readMar 17

Shawn Shi
in
Geek Culture

Build Your Own Authentication Server for Single Sign-On (SSO) in ASP.NET Core

Discuss how to build a custom authentication server for SSO using ASP.NET Core Identity and Identity Server.

5 min readJan 24

Aleid ter Weel
in
Better Advice

10 Things To Do In The Evening Instead Of Watching Netflix

Device-free habits to increase your productivity and happiness.

5 min readFeb 15, 2022

Jacob Toftgaard Rasmussen
in
Geek Culture

How To Add JWT Authentication To An ASP.NET Core API

Step by step guide to user registration and authentication using ASP.NET Core 7, Identity and PostgreSQL

14 min readJan 28

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech