Curity has just released a whitepaper dedicated to the security of the hypermedia authentication API available in the Curity Identity Server.
The paper describes aspects of the security of the OAuth and OpenID Connect standards in the context of hypermedia. It shows how some security measures of these protocols differ when using the API. It explains various methods by which a client's provenance is attested, comparing the technique used with the API to that of a typical browser-based interaction. It also defines the terms first-party and third-party applications and provides an in-depth overview of what DPoP is.
Readers of the whitepaper will gain an understanding of the security issues affecting applications that consume the hypermedia authentication API and see that such applications are as safe as, if not safer than, those that do not. After studying this paper, readers should also find it clear that the use of the API conforms to the standards mentioned above even if certain security measures are altered.
Download the whitepaper "Hypermedia Authentication API Security"