OAuth Sketch Notes Q&A - PKCE, Scopes, Security, Passwordless

Fleeting

• External reference:

OAuth 2.1, Aaron Parecki

a cookie to deal with session create fewer attack surface

It is discussed the trichotomy between authentication vs identification vs authorization.

ID Tokens vs Access Tokens,

reference token vs self-encoded access token

Permalink