Showing posts from oauth

Securing isolated systems: Caveats of using plain OAUTH flows and how to solve them

Securing isolated systems: Caveats of using plain OAUTH flows and how to solve them

While OIDC and OAUTH are well-known standards, they don’t fit every purpose “out of the box.” In businesses with special regulations like banking, health care, etc., non-functional requirements to auth can be challenging. Different solutions and ways were evaluated to create a new identity provider for a medical network. The first approach was “just” using simple OAUTH by its most famous Authorization Code Flow. Of course, it failed fast, and I’ll show why and how we solved it in this post.