Hypermedia Authentication API Security in Detail

Hypermedia Authentication API Security in Detail

The security of the hypermedia authentication API available in the Curity Identity Server

This paper describes aspects of the security of OAuth and OpenID Connect in the context of hypermedia. It shows how some security measures of these protocols are different when using the API.

It explains various methods by which the provenance of a client is attested to, comparing the technique used with the API to that of a typical browser-based interaction. Once the source of a client can be reliably known, authentication and user consent interactions with the API can be adapted. In making these points, the terms first- and third-party applications are defined, an in-depth overview of DPoP is also provided, and the paper outlines how to use modern execution environments to perform application attestation.

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.