How to Hack OAuth
OktaDev

 Published On Mar 31, 2020

OAuth is the foundation of most of modern online security, used everywhere from signing in to mobile apps, to protecting your bank accounts. Despite its ubiquity, it is still often difficult to implement safely and securely, especially in today's landscape, which is dramatically different from the world of online security as it existed when OAuth was initially created.

This talk will explore several real-world OAuth hacks that affected major providers like Twitter, Facebook and Google. I'll share the details of how each specific attack happened, as well as what they could have done to prevent it. Some of these attacks exploited technical flaws in the system, and some exploited the easier to hack, squishier component in the middle: people.

---
NOTE: Somehow at 22:25 I managed to cut out a sentence. It should say "Facebook had this great feature called 'View As'. You could be on your profile page and click View As and see what your profile looked like to someone else."

---

Buy the book! https://amzn.to/2S6Uj4e

Learn more about OAuth at https://oauth.net

---

Okta is a developer API service that stores user accounts for your web apps, mobile apps, and APIs.

* Sign up for Okta for free at https://developer.okta.com/signup/
* For more info visit us at https://developer.okta.com/
* Developer Blog: https://developer.okta.com/blog/
* Follow us on Twitter: oktadev
* Follow us on FB: oktadevelopers
* Follow us on LinkedIn: oktadev

hacker icon by sultan mohammed from the Noun Project
