An (extremely) brief summary of auth protocols
...
Note, OAuth2 is really just an authorization protocol: by default, the website does not know who the user is. Rather, upon signing in, the website is given a token providing access to e.g. Twitter, from which it can request user information. Twitter, in this case, is providing authentication: its login page asserts you are who you say you are.
...
Importantly (from the link above, verbatim) "If a previously used refresh token is used again with the token request, the Authorization Server automatically detects the attempted reuse of the refresh token. As a result, Okta immediately invalidates the most recently issued refresh token and all access tokens issued since the user authenticated. This protects your application from token compromise and replay attacks."
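As an added example (not code from the original page, and not Okta's implementation), the following Python models both points above: the website only ever receives tokens, and must present the access token to a userinfo endpoint to learn who the user is; and refresh tokens are rotated on every use, so presenting an already-rotated refresh token revokes the whole token family. The class and function names, the single constructed user "alice" (subject "u-1001"), and the `login()` call standing in for the provider's own login page are all assumptions made for this example.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class TokenFamily:
    """All tokens descended from one user authentication (constructed model)."""
    user: str
    access_tokens: set = field(default_factory=set)
    current_refresh: str = ""
    revoked: bool = False


class AuthServer:
    """In-memory model of a provider's token and userinfo endpoints (hypothetical)."""

    def __init__(self):
        # Constructed user record; a real provider would hold this in its directory.
        self.users = {"alice": {"sub": "u-1001", "name": "Alice Example"}}
        self.families = {}       # family_id -> TokenFamily
        self.refresh_index = {}  # every refresh token ever issued -> family_id
        self.access_index = {}   # every access token ever issued -> family_id

    def _mint(self, family_id):
        """Issue a fresh access/refresh pair; the old refresh token stays indexed so reuse is detectable."""
        fam = self.families[family_id]
        access = secrets.token_urlsafe(16)
        refresh = secrets.token_urlsafe(16)
        fam.access_tokens.add(access)
        fam.current_refresh = refresh
        self.access_index[access] = family_id
        self.refresh_index[refresh] = family_id
        return {"access_token": access, "refresh_token": refresh}

    def login(self, username):
        """Assumes the provider's login page has already verified the user; start a token family."""
        if username not in self.users:
            raise PermissionError("unknown user")
        family_id = secrets.token_hex(8)
        self.families[family_id] = TokenFamily(user=username)
        return self._mint(family_id)

    def refresh(self, refresh_token):
        """Rotate the refresh token; replay of a rotated token revokes the whole family."""
        family_id = self.refresh_index.get(refresh_token)
        if family_id is None:
            raise PermissionError("unknown refresh token")
        fam = self.families[family_id]
        if fam.revoked:
            raise PermissionError("token family already revoked")
        if refresh_token != fam.current_refresh:
            # Reuse detected: drop the newest refresh token and every access token in the family.
            fam.revoked = True
            fam.access_tokens.clear()
            fam.current_refresh = ""
            raise PermissionError("refresh token reuse detected; family revoked")
        return self._mint(family_id)

    def userinfo(self, access_token):
        """The website learns the user's identity only by presenting the access token here."""
        family_id = self.access_index.get(access_token)
        if family_id is None:
            raise PermissionError("invalid access token")
        fam = self.families[family_id]
        if fam.revoked or access_token not in fam.access_tokens:
            raise PermissionError("access token revoked")
        return dict(self.users[fam.user])


def demo():
    """Walk through login, identity lookup, one legitimate rotation, then a replay of the old refresh token."""
    srv = AuthServer()
    first = srv.login("alice")
    identity = srv.userinfo(first["access_token"])   # website resolves who the user is
    second = srv.refresh(first["refresh_token"])     # legitimate rotation succeeds
    try:
        srv.refresh(first["refresh_token"])          # replay of the rotated token
        replay_blocked = False
    except PermissionError:
        replay_blocked = True
    try:
        srv.userinfo(second["access_token"])         # newest access token is gone too
        newest_still_valid = True
    except PermissionError:
        newest_still_valid = False
    return {"identity": identity, "replay_blocked": replay_blocked,
            "newest_still_valid": newest_still_valid}


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that `refresh_index` never forgets a refresh token: a token that is known but no longer current is exactly the replay signal, and the whole family is torn down rather than only the replayed token, since the server cannot tell which party (the legitimate client or whoever replayed it) is holding the newer tokens.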
Using Okta to manage sessions
...