🍈 Zettelkasten

❯

❯

Open Auth

Feb 28, 20261 min read

security

Similar to OpenID. When a user logs in with OAuth, they recieve a token to use for verification against SSO services.

Github OAuth
Discord sign-in

Process

Access token for API calls (short-lived)
Refresh token for renewal (long-lived)

Requesting OAuth

You go to the providers website
The provider gives you a redirect URI that you can set after authentication to redirect to your own site
Provider gives you a link for their own OAuth portal + info about your site, you can put this link in a button and say ‘Login with X’

Security Pitfalls

Open redirect URI, somebody does XSS and changes the redirect URI to the attacker’s server. Ensure there is a whitelist of URIs
Leaked client secrets in github repo, etc
Improper token storage in local Storage
No refresh token rotation

Graph View

Process
Requesting OAuth
Security Pitfalls

Backlinks

Single Sign On
Access Control Standards
CompTIA Security+
OpenID
Palo Alto OAuth Token Breach
Web Security
Rest API

Created with Quartz v4.4.0 © 2026

GitHub
Discord Community