[Openid-specs-ab] 1000 WAYS TO DIE IN MOBILE OAUTH

Brian Campbell bcampbell at pingidentity.com
Thu Aug 11 16:34:31 UTC 2016


On Wed, Aug 10, 2016 at 1:42 AM, Adam Dawes via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

>
> But in our experience, developers also get OIDC wrong far too often. The
> thing that is the biggest problem is proper ID token verification (issuer
> and audience checks). I really think that the community would be very well
> served with excellent open source JWT validation libraries on all major
> frameworks/languages. Google would be very interested in working with
> others on this problem. Please let me know if you have interest/ideas about
> how to improve this.
>
>
I've got a self-proclaimed excellent open source JWT validation library for
Java <https://bitbucket.org/b_c/jose4j/wiki/Home> that is able and willing
to help the cause.
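
The issuer and audience checks named in the quoted message, spelled out as an added example (not part of the thread and not jose4j code). It uses HS256 with a shared secret so that it runs on the Python standard library alone, which is a simplification; the function names, issuer URL and client id are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key, alg="HS256"):
    """Build a constructed sample token (test input only, not a real IdP's)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate_id_token(token, key, expected_iss, client_id, now=None, leeway=60):
    """Return the claims if every check passes, otherwise raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64d(head_b64))
        claims = json.loads(_b64d(body_b64))  # not trusted until the MAC verifies
        sig = _b64d(sig_b64)
    except ValueError as e:
        raise ValueError("malformed token") from e
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # Pin the algorithm: never let the token's own header choose it ("none", etc.).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    mac = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, mac):
        raise ValueError("bad signature")
    # Issuer check: exact string match against the issuer this client trusts.
    if claims.get("iss") != expected_iss:
        raise ValueError("issuer mismatch")
    # Audience check: aud may be a string or a list and must contain our client_id.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if client_id not in audiences:
        raise ValueError("audience mismatch")
    # With several audiences, the authorized party (azp) must be this client.
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise ValueError("azp mismatch")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise ValueError("expired or missing exp")
    return claims
```

A token that is correctly signed by the expected issuer but minted for a different client fails only at the audience check, which is why that check cannot be skipped once the signature verifies.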