API Security Blog

OAuth 2.0 is still the most popular authorization protocol, but it has a number of limitations that later extensions, OpenID Connect (OIDC), and successor proposals try to address (there is no published "OAuth 3.0" specification; the IETF successor effort is GNAP).

The main problem with OAuth 2.0 is that the core specification (RFC 6749) says nothing about revoking an access token once it has been issued. Revocation was bolted on afterwards: RFC 7009 defines a token revocation endpoint and RFC 7662 a token introspection endpoint, but neither is mandatory, and a resource server that validates a self-contained token (such as a JWT) locally never learns that the token was revoked unless it calls introspection on every request or consults a denylist. The practical consequence is that a bearer token which leaks, from a log, a browser extension, or a compromised client, stays usable until it expires, which is why short lifetimes matter. Developers who want reliable revocation therefore either implement the revocation and introspection endpoints themselves or rely on an authorization server such as Keycloak or Auth0 that already does, and both options mean additional setup.
https://t.co/JkWPcq35rC
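The following is an added example, not code from the original post or from any of the products it mentions. It models, in memory, the two revocation designs the paragraph above contrasts: an opaque token that a resource server checks through an RFC 7662-style introspection call, and a self-contained HMAC-signed token that a resource server validates locally. The `AuthServer`, `rs_verify_*` and `demo` names, the HMAC token format, and the demo key are all assumptions made for this example; a real deployment would use a JWT library and a proper authorization server.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _decode_self_contained(token: str, secret: bytes):
    """Verify the HMAC on a self-contained token and return its claims, or None."""
    body, sep, sig = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    padded = body + "=" * (-len(body) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


class AuthServer:
    """Minimal in-memory authorization server (constructed for this example)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.opaque_tokens = {}   # token string -> claims, looked up on every introspection
        self.revoked_jti = set()  # denylist of revoked self-contained token ids

    def issue_opaque(self, sub: str, scope: str, ttl: int = 3600) -> str:
        token = secrets.token_urlsafe(32)
        self.opaque_tokens[token] = {"sub": sub, "scope": scope, "exp": int(time.time()) + ttl}
        return token

    def issue_self_contained(self, sub: str, scope: str, ttl: int = 3600) -> str:
        # Claims are carried in the token itself, so a resource server can verify
        # it with only the shared secret and no call back to this server.
        claims = {"sub": sub, "scope": scope, "exp": int(time.time()) + ttl,
                  "jti": secrets.token_hex(8)}
        raw = json.dumps(claims, sort_keys=True).encode()
        body = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
        sig = hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"

    def revoke(self, token: str) -> int:
        """RFC 7009 semantics: invalidate the token if it is ours, and answer 200
        either way so callers cannot use the endpoint to probe for valid tokens."""
        if token in self.opaque_tokens:
            del self.opaque_tokens[token]
        else:
            claims = _decode_self_contained(token, self.secret)
            if claims is not None:
                self.revoked_jti.add(claims["jti"])
        return 200

    def introspect(self, token: str) -> dict:
        """RFC 7662 response shape: {"active": bool, ...claims}."""
        claims = self.opaque_tokens.get(token)
        if claims is None or claims["exp"] <= time.time():
            return {"active": False}
        return {"active": True, **claims}


def rs_verify_by_introspection(token: str, auth_server: AuthServer):
    """Resource server that asks the AS on every request: revocation takes effect at once."""
    info = auth_server.introspect(token)
    return info if info["active"] else None


def rs_verify_locally(token: str, secret: bytes, revoked_jti=None):
    """Resource server that validates a self-contained token with no round trip.
    Without a shared denylist it keeps accepting a revoked token until 'exp'."""
    claims = _decode_self_contained(token, secret)
    if claims is None or claims["exp"] <= time.time():
        return None
    if revoked_jti is not None and claims["jti"] in revoked_jti:
        return None
    return claims


def demo() -> dict:
    """Issue one token of each kind, revoke both, and report what each resource server does."""
    auth = AuthServer(secret=b"constructed-demo-key-not-for-production")
    opaque = auth.issue_opaque("alice", "read")
    selfc = auth.issue_self_contained("alice", "read")
    out = {
        "opaque_before_revoke": rs_verify_by_introspection(opaque, auth) is not None,
        "selfc_before_revoke": rs_verify_locally(selfc, auth.secret) is not None,
    }
    auth.revoke(opaque)
    auth.revoke(selfc)
    out["opaque_after_revoke"] = rs_verify_by_introspection(opaque, auth) is not None
    out["selfc_local_after_revoke"] = rs_verify_locally(selfc, auth.secret) is not None
    out["selfc_denylist_after_revoke"] = (
        rs_verify_locally(selfc, auth.secret, auth.revoked_jti) is not None
    )
    out["revoke_unknown_status"] = auth.revoke("no-such-token")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the demo is the `selfc_local_after_revoke` result: the revocation endpoint accepted the self-contained token and recorded its `jti`, yet a resource server that only checks the signature and expiry keeps honouring it. Only the introspecting resource server, or one that shares the `revoked_jti` denylist, sees the revocation, which is the extra infrastructure the paragraph above refers to.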
