“Exploiting CSP in Webkit to Break Authentication & Authorization”
In every project I’ve worked on Oauth/SSO has been nothing but hassle, largely due to the difficulty of securing the redirects. Not supporting SSO is rarely an option, tho
... works as a web developer in Hveragerði, Iceland, and writes about the web, digital publishing, and web/product development
These are his notes
“Exploiting CSP in Webkit to Break Authentication & Authorization”
In every project I’ve worked on Oauth/SSO has been nothing but hassle, largely due to the difficulty of securing the redirects. Not supporting SSO is rarely an option, tho