OAuth 2.0 for Mobile Apps and SPAs

In one of my earlier articles on OAuth 2.0, we looked at how the OAuth framework can provide delegated access to a client application by issuing an authorization grant. An authorization grant refers to the way the client application obtains the access token. There are various types of authorization grants that can be used depending on …

OpenID Connect (OIDC)

In my earlier post on OAuth 2.0, we looked at how the OAuth framework is meant to be used for delegated access. The framework is meant to provide a universally standard process by which client applications can gain access to a protected resource with a pre-defined authorization scope. The client application can access the resource without …

OAuth 2.0 Demystified

OAuth is a delegated authorization framework that allows an application to access a protected resource without asking for the credentials of the user who owns the resource. It was developed as a specification to standardize the process by which applications gain access to a user's data, or by which services authorize access to other services (API authentication and authorization). OAuth …

JWT – Token Based Authentication

In my earlier post on Cryptography, we looked at some of the cryptographic techniques and cryptographic functions that are commonly used to secure data. In this post, we'll discuss JSON Web Token (JWT), one of the most commonly used token-based authentication mechanisms. It has become quite popular since it allows distributed systems to …

AWS VPC Network Security

One of my earlier posts on AWS Virtual Private Cloud described the basics of VPC, including some of the security features it offers to control which packets move in and out of the VPC. In this article let's look at VPC network security in further detail. The following diagram shows an example of how the security groups and …

AWS – Identity and Access Management

Identity and Access Management (IAM) is widely used in most enterprises to authenticate and authorize users, granting them access to the applications and systems that support various functions within the organization. It is one of the basic components of enterprise security and of the defense-in-depth principles that organizations adopt to protect …

Spring Boot Mutual Authentication (2 Way SSL/TLS)

In one of my earlier articles on cryptographic basics, I discussed the 3 basic services provided by cryptographic techniques, i.e. confidentiality, integrity and authentication. Let's see how we can implement confidentiality and authentication in a Spring Boot application. SSL/TLS establishes an encrypted link between the client and server applications such that all the communication between the …

Cryptography Basics

In the last two decades there has been a significant push towards digitization of services, allowing us to do online shopping, banking, media streaming, and the list goes on. In order to access these services, customers need to share their personal data and highly sensitive data such as credit cards, SSN, bank account details etc. with the service provider. Hence, …