Search

Guest Blog: Implementing App-to-App Authorisation in OAuth2/OpenID Connect

What is app2app? App2app is a mechanism that allows mobile apps performing OAuth2 or OpenID Connect based authentication to offer a much simpler faster flow if the user already has an app provided by the authorization server owner installed on their mobile device. Here’s how it actually looks when I grant the moneyhub app on […]

Guest Blog: Formal Analysis of the OpenID Financial-grade API

Guest blog post by Daniel Fett (yes.com), Pedram Hosseyni, and Ralf Küsters (University of Stuttgart). The security of a web protocol is crucial, especially in the domain of financial applications and in other high-stakes environments. For identifying weaknesses in protocols and ensuring security, formal protocol analysis is the state-of-the-art method. The OpenID Financial-grade API (FAPI) […]