topic 13
Security
OWASP, OAuth 2.1, JWT pitfalls, CSP, SSRF.
OAuth 2.1 and OIDC: delegated authorization that does not leak
PKCE on every authorization code flow, exact redirect URI matching, refresh token rotation, sender-constrained tokens. OAuth 2.1 makes the first two mandatory, requires refresh tokens to be rotated or sender-constrained, and recommends sender-constrained access tokens (DPoP or mTLS); skipping any one of them reopens a known class of vulnerability.
- 1 What OAuth is and why passwords are not the answer
- 2 Authorization code flow with PKCE
- 3 ID token validation and JWKS cache management
- 4 Refresh token rotation and scope-based least privilege
- 5 Sender-constrained tokens: DPoP and mTLS
- 6 OAuth in production: audience attacks, observability, and real failures
- 7 OAuth/OIDC: multiple-choice review
- 8 OAuth/OIDC: free-recall review
- 9 OAuth/OIDC: code review
- 10 OAuth/OIDC: build and audit a hardened login
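The checks the unit summary names can be shown in one place. The following is an added example, not part of this course's own material: a minimal authorization server that enforces S256 PKCE, exact redirect URI matching and single-use authorization codes, with a constructed client registration (client id `web-app`, redirect URI `https://app.example/callback`) and a `run_demo` driver that exercises the legitimate flow and three of the failure modes the unit covers. The class and function names are this example's own assumptions, and the S256 derivation follows RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 verifier: 43..128 unreserved chars. 32 random bytes -> 43 chars base64url."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def code_challenge_s256(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def redirect_uri_matches(registered: str, presented: str) -> bool:
    """Exact string comparison only: no prefix match, no wildcards, no normalization."""
    return registered == presented


class AuthorizationServer:
    """Toy AS holding the state an authorization code flow with PKCE needs (example only)."""

    def __init__(self, clients: dict[str, set[str]]):
        self.clients = clients          # client_id -> registered redirect URIs
        self.codes: dict[str, dict] = {}  # outstanding authorization codes

    def authorize(self, client_id: str, redirect_uri: str,
                  code_challenge: str, method: str = "S256") -> str:
        if client_id not in self.clients:
            raise ValueError("unknown client")
        if not any(redirect_uri_matches(r, redirect_uri) for r in self.clients[client_id]):
            raise ValueError("redirect_uri not registered for client")
        if method != "S256":
            raise ValueError("only S256 code_challenge_method accepted")
        code = secrets.token_urlsafe(32)
        # The challenge and redirect_uri are bound to the code for the token step.
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "challenge": code_challenge}
        return code

    def token(self, client_id: str, code: str, redirect_uri: str, code_verifier: str) -> dict:
        record = self.codes.pop(code, None)   # pop makes the code single-use, even on failure
        if record is None:
            raise ValueError("invalid or already used code")
        if record["client_id"] != client_id:
            raise ValueError("code was not issued to this client")
        if not redirect_uri_matches(record["redirect_uri"], redirect_uri):
            raise ValueError("redirect_uri differs from authorization request")
        if not hmac.compare_digest(code_challenge_s256(code_verifier), record["challenge"]):
            raise ValueError("code_verifier does not match code_challenge")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def run_demo() -> dict[str, str]:
    """Legitimate redemption plus three attacks; returns the outcome of each step."""
    srv = AuthorizationServer({"web-app": {"https://app.example/callback"}})  # constructed
    cb = "https://app.example/callback"
    outcomes = {}

    verifier = make_code_verifier()
    code = srv.authorize("web-app", cb, code_challenge_s256(verifier))
    srv.token("web-app", code, cb, verifier)
    outcomes["legitimate"] = "issued"

    try:                                  # replaying a redeemed code
        srv.token("web-app", code, cb, verifier)
    except ValueError as e:
        outcomes["replayed_code"] = str(e)

    code2 = srv.authorize("web-app", cb, code_challenge_s256(make_code_verifier()))
    try:                                  # intercepted code, attacker lacks the verifier
        srv.token("web-app", code2, cb, make_code_verifier())
    except ValueError as e:
        outcomes["stolen_code_wrong_verifier"] = str(e)

    try:                                  # open-redirect style path suffix on a registered URI
        srv.authorize("web-app", cb + "/../attacker", code_challenge_s256(verifier))
    except ValueError as e:
        outcomes["redirect_uri_suffix"] = str(e)

    try:                                  # downgrade to the plain method
        srv.authorize("web-app", cb, verifier, method="plain")
    except ValueError as e:
        outcomes["plain_method"] = str(e)
    return outcomes


if __name__ == "__main__":
    for step, result in run_demo().items():
        print(f"{step}: {result}")
```

The verifier is compared by recomputing the challenge and using a constant-time comparison, and the code is removed from storage before any check runs, so a failed PKCE attempt also burns the code rather than leaving it for a second try.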
Supply chain
Coming soon — Web security
Putting it together
Coming soon — Web security