OAuth has been around for more than 10 years now, and has become the standard protocol for token-based security. Like every popular technology that has been growing with its requirements, there are some things which work really well, and some that did not quite stand the test of time. This talk looks at the essentials you should know about, if you would enter the OAuth ecosystem today. Which protocol flows and extensions should you study, which “dialects” like OpenID Connect are important, and if you decide to dive deeper, what would that “recommended reading” list look like? Check out our new channel: NDC Clips: ​@ndcclips Check out more of our featured speakers and talks at https://ndcconferences.com/ https://ndc-security.com/