The session “Top OAuth2/OpenID Connect mistakes found in production mobile apps” has been accepted to Identiverse 2022, which will take place in Denver, USA, from June 21 to June 24, 2022. The session will be presented by Amir Sharif (FBK) and Joseph Heenan (Senior Architect at Authlete Inc).
Here is the abstract:
A combination of industry experience and analysis of many popular mobile apps has revealed that many of them fail to securely implement OAuth2 or OpenID connect. Joseph and Amir talk about the issues that have been seen recently, the potential problems these could cause, how these types of mistakes have happened – and most importantly, how you avoid making the same mistake. We also talk about how the authorization server vendors and service/identity providers can assist mobile developers that are integrating with them to create high-quality secure integrations.