Trying to find original attribution for parts of the OIDC spec and it's just
GitHub Actions has supported using OIDC tokens for about 15 months now. It is a much better way of providing AWS credentials to workflows than creating IAM users and storing long-lived access keys in GitHub Actions secrets.
This is very cool! Looks like I need to implement OpenID Connect for my #IndieAuth server so I can get in on this 👀
The @projectsigstore documentation has a new Gitsign section explaining everything you need to know to start signing your commits with an OpenID identity, such as your GitHub or Google account. No need for dealing with GPG keys! docs.sigstore.dev/gitsign/overvi…
Erika Heidi 🌵✨ (@erikaheidi) Thu, 16 Jun 2022 13:51 +0000
Getting the OpenID Connect thumbprint for AWS on the command-line with Go (2 mins read).
How to automagically retrieve an OpenID Connect thumbprint for use with AWS' OpenID Connect federated identity.
zitadel/oidc (GitHub): Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation.
Protecting an Architect Framework Application with OAuth2 or OpenID Connect Authentication (4 mins read).
How to set up OAuth2/OpenID Connect authentication with an Architect Framework application.
panva/node-openid-client (GitHub): OpenID Certified™ Relying Party (OpenID Connect/OAuth 2.0 Client) implementation for Node.js.
Automagically deploying Architect Framework applications to AWS using GitLab CI (3 mins read).
How to use GitLab's OpenID Connect support with AWS, to allow deployment using the Architect Framework automagically on GitLab CI.
Why You Should Avoid using Client Secret Authentication for OAuth2 Client Credentials (7 mins read).
Why I recommend against using client secret authentication for OAuth2 and OpenID Connect APIs.
Implementing IndieAuth Server Metadata (2 mins read).
Announcing support for OAuth Server Metadata on my IndieAuth Server.
So with the recent discovery that GitHub Actions create an OIDC identity per run, it's possible to configure Vault to allow auth w/ Actions identities and subsequently use that to get access to... anything. Some cleanup required but this is very promising! (c/o @grantorchard)
Mitchell Hashimoto (@mitchellh) Mon, 20 Sep 2021 21:02 +0000
Recommended read: Hidden OAuth attack vectors https://portswigger.net/research/hidden-oauth-attack-vectors
Generating the Client Assertion JWT for private_key_jwt Authentication with Ruby (1 mins read).
A helper script to generate the client assertion required to authenticate to an Authorization Server that supports private_key_jwt, on the command-line with Ruby.
Recommended read: The Real Cause of the Sign In with Apple Zero-Day • Aaron Parecki https://aaronparecki.com/2020/05/31/30/the-real-cause-of-the-sign-in-with-apple-zero-day
Recommended read: An Illustrated Guide to OAuth and OpenID Connect https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc
Recommended read: A Thorough Introduction to PASETO https://developer.okta.com/blog/2019/10/17/a-thorough-introduction-to-paseto
This is very good news - open standards like OpenID Connect (OIDC) make interoperability and integration easier, so hats off to Apple!
Recommended read: Apple Successfully Implements OpenID Connect with Sign In with Apple https://openid.net/2019/09/30/apple-successfully-implements-openid-connect-with-sign-in-with-apple/