Good explanation! Liked it! I have QQ - at 5:08 where we are sending encrypted string with type of hashing s256 so anyone easily can decrypt that request
@AppSecEngineer
2 жыл бұрын
Thanks for your question. Just to clarify. This is not an encrypted string. Its a secure random value that is subsequently subjected to a SHA256 hash. So there's no question of decryption. And attempting to crack/collide this hash is nearly impossible because of the nature of the underlying random value. In addition to all these constraints, remember that this value is a one-time use value only. Its never used subssequently, and is transmitted over HTTPS, so these risks are quite mitigated. I hope we've clarified.
@guesswho2306
2 жыл бұрын
Got it. Thanks again!
@SudhanshuSrivastavaIndia
Жыл бұрын
Is it good practice to get PKCE as part of configuration injection from an app to a Login Framework which has OAuth 2.0?
@sanofamotivation
7 ай бұрын
Could you please create vedio on other grant types aswell
Пікірлер: 8