Sagara Gunathunga
Secure OAuth2 : Is Authorization Code Grant Type Secure Enough?
The authorization code grant type is generally considered as the most secure, widely used and commonly recommended grant type within the…
9 min read · Apr 16, 2024

Sagara Gunathunga
OAuth2 Token Exchange in Practice
Over time, OAuth2 has evolved to meet increasingly complex security needs that go beyond the basic capabilities of a Security Token Service…
13 min read · Sep 25, 2023

Sagara Gunathunga
How to register and manage OAuth2 clients?
In the first post of this blog series about the OAuth2, I provided a comprehensive overview of the OAuth2 core specification and its…
12 min read · Apr 19, 2021

Sagara Gunathunga
How do you discover the OAuth2 server configuration?
This is the 2nd post of my blog series about the OAuth2; reading the first post may help you to understand this current topic easily.
8 min read · Apr 24, 2020

Sagara Gunathunga
Understanding OAuth2 Landscape
Now it has been nearly 8 years after the formal approval of OAuth2 Core standard by IETF. Obviously, the OAuth2 is not a new technology…
20 min read · Apr 19, 2020

Sagara Gunathunga
API Security: How to avoid Broken Object Level Authorization & Broken Function Level Authorization
OWASP project recently finalised their API Security Top 10 list into RC level; you can have a look at it from here. When I went through…
8 min read · Oct 2, 2019

Sagara Gunathunga
Reloading SAML: Web Browser SSO Profile
So far I have discussed key constructs of SAML 2.0 core standard and few supportive standards such as IDP Discovery and SAML Metadata too…
13 min read · Jun 9, 2018

Sagara Gunathunga
Reloading SAML : IdP Discovery
This post is somewhat different from other posts of this series, majority of the concepts that we are discussing here are not only specific…
14 min read · May 12, 2018

Sagara Gunathunga
Looking for a GDPR compliant IAM product ?
WSO2 Identity Server (WSO2 IS) is a leading open source IAM (Identity and Access Management ) product and a member of WSO2 middleware…
4 min read · Apr 8, 2018

Sagara Gunathunga
Reloading SAML: Why do you need SAML Metadata?
As we previously discussed, SAML is a structured format to define security information (assertions) about a subject (usually about an…
9 min read · Apr 1, 2018