Evolving OAuth and OIDC: Modern Practices for Securing Apps

  • Jun 10


  • Daniel Krzyczkowski

In this video we explore how the latest OpenID and OAuth standards can simplify authentication and authorization while strengthening overall security, walking through practical examples and the latest enhancements.

In this video, you'll get a practical explanation of:

🟠 Implicit Flow - what it is, why it was used, and why you should move away from it

🟠 Authorization Code Flow with PKCE - the modern, secure replacement for public clients

🟠 Pushed Authorization Requests (PAR) - how to harden your authorization endpoint against tampering

🟠 Token Exchange - enabling secure delegation and service-to-service identity propagation

🟠 DPoP (Demonstrating Proof of Possession) - binding tokens to a client to prevent replay attacks

🟠 CIBA (Client-Initiated Backchannel Authentication) - decoupling authentication from the user's device for advanced use cases like permissions for AI agents
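As an added illustration of the PKCE item above (example code, not from the video or its author): the client-side verifier and S256 challenge generation, and the authorization server's check at the token endpoint, written against RFC 7636. The function names are my own.

```python
import base64
import hashlib
import secrets

# Characters allowed in a code_verifier: the unreserved URI set from RFC 7636 section 4.1.
_UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: fresh high-entropy verifier, kept secret until the token request.
    32 random bytes base64url-encode to 43 characters, the RFC 7636 minimum."""
    return base64.urlsafe_b64encode(secrets.token_bytes(n_bytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """Client side: S256 transform, BASE64URL(SHA256(ASCII(verifier))) without '=' padding.
    Only this value travels in the authorize request, so an intercepted code is useless alone."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_pkce(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Authorization-server side, at the token endpoint: recompute the challenge from the
    verifier the client now presents and compare it with the one stored alongside the code.
    Only S256 is accepted; 'plain' exposes the verifier in the front channel and is refused."""
    if method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128 or not set(presented_verifier) <= _UNRESERVED:
        return False
    return secrets.compare_digest(make_code_challenge(presented_verifier), stored_challenge)
```

The challenge is sent with the authorization request (or inside a PAR request), the verifier only with the token request, and the server should reject the code if the method or verifier is missing rather than fall back to a non-PKCE exchange.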

Whether you're a developer building OAuth-secured APIs, an architect designing identity systems, or simply curious about how modern login flows work under the hood - this video breaks it all down in plain terms with practical examples.
