@connect2id profile picture
Connect2id @connect2id

OpenID Connect and OAuth 2.0 for fintech, verified identity providers, innovative startups and enterprises

Joined May 2011
  • Tweets 984
  • Following 100
  • Followers 407
53 Photos and videos
Pinned Tweet
Connect2id@connect2id
31 Jul 2023
Type-safe Rich Authorization Request (RAR) support in v10.12 of the #OAuth 2.0 / #OIDC SDK connect2id.com/products/nimb…
2
291
Connect2id@connect2id
11 Mar 2024
The much anticipated STS API to ease federated logins with the @connect2id server is here connect2id.com/blog/connect2…

Connect2id server 15.4 introduces an STS web API to aid federated login

connect2id.com
149
Connect2id@connect2id
13 Feb 2024
The #OAuth 2.0 #JWT authZ grant (RFC 7523), somewhat of a mystery to developers, has great utility for backend services that need user-linked access tokens connect2id.com/products/serv…

OAuth 2.0 JWT grant for backend services

The JWT authorisation grant (RFC 7523) is an OAuth 2.0 extension grant that has been supported by the Connect2id server since v3.5. This grant is ideal to...

connect2id.com
1
2
315
Connect2id retweeted
Vladimir Dzhuvinov 🇪🇺 🇧🇬@dzhuvi
21 Jan 2024
The x.509 cert chain meets the #openid trust chain, @openidjp summit Tokyo 🇯🇵 2024 connect2id.com/blog/the-open…

The OpenID trust chain vs the X.509 certificate trust chain

Transcript of the entertaining 15 talk at the OpenID Summit 2024 in Tokyo, Japan

connect2id.com
10
14
1,689
Connect2id@connect2id
13 Nov 2023
Connect2id server 14.9 introduces automatic purge scan rate limiting for deployments with #AWS DynamoDB connect2id.com/blog/connect2…

Connect2id server 14.9

connect2id.com
134
Connect2id@connect2id
23 Oct 2023
v11.5 of the #OpenID Connect SDK is now capable of resolving #OpenID Federation 1.0 trust chains with custom #HTTP clients connect2id.com/products/nimb…
1
131
Connect2id@connect2id
23 Oct 2023
But what is #OpenID Federation 1.0? connect2id.com/learn/openid-…

OpenID Federation 1.0 and the trust chain explained

connect2id.com
71
Connect2id@connect2id
23 Oct 2023
Every now and then developers ask us how the Nimbus JOSE JWT library maps between JSON entities and Java classes connect2id.com/products/nimb…
95
The #Redis connector in the Connect2id server gets a sweeping update. The maximum concurrent session quota is per user is increased from 10 to 25. connect2id.com/blog/connect2…

Connect2id server 14.6

connect2id.com
78
The #OAuth / #OpenID Connect SDK can now work with custom HTTP clients, such as #Apache HttpClient or OkHttp connect2id.com/products/nimb…

How to use a custom HTTP client

The OAuth 2.0 / OpenID Connect SDK sends HTTP requests using Java’s included java.net.HttpURLConnection class. To use a another HTTP client, for...

connect2id.com
108
Connect2id@connect2id
15 Sep 2023
You can now use #AWS CloudHSM to secure and verify JWTs with the HMAC-based HS256, HS384 and HS512 JWS algorithms. Credits Ulrich Winter connect2id.com/products/nimb…
181
Connect2id@connect2id
14 Sep 2023
v10.15 of the #OAuth / #OpenID Connect SDK received an important fix that affected client X.509 certificate extraction in Jakarta Servlet deployments. Credits Jesper Öst connect2id.com/products/nimb…

Nimbus OAuth 2.0 SDK with OpenID Connect extensions

Comprehensive Java library for developing OAuth 2.0 and OpenID Connect clients and servers Standards compliant, robust and extensible Open source (Apache...

connect2id.com
93
Connect2id@connect2id
13 Sep 2023
Another contribution in Nimbus JOSE JWT 9.32 is EC JWS / JWT support for the Android biometric or PIN prompt. Credits Stian Svedenborg connect2id.com/products/nimb…

JWS with Android biometric prompt

The Android keystore has an API designed to prevent leaks of private keys as well as minimise the risk of unauthorised key use. By creating the key with...

connect2id.com
1
115
Connect2id@connect2id
13 Sep 2023
Thanks to the generous contribution of Egor Puzanov the Nimbus JOSE JWT lib can how handle JSON Web Encryption (JWE) to multiple recipients connect2id.com/products/nimb…
2
124
The redirect_uri validation in the #OAuth SDK incorporates new lessons from the OAuth Security Workshop 2023 connect2id.com/products/nimb…

Redirect URI validation

OAuth 2.0 servers must check the redirect_uri of received authorisation requests for being identical with a redirection URI registered for the client....

connect2id.com
4
4
955
#OAuth DPoP becomes RFC 9449 rfc-editor.org/rfc/rfc9449.h…
1
109
Connect2id@connect2id
11 Aug 2023
In #OAuth RAR the JSON objects that express the "authorization_details" have an explicit "type" to aid their parsing and validation. Connect2id server deployments can now check the RAR types in requests automatically, plugin code is no longer needed connect2id.com/blog/connect2…

Connect2id server 14.4 introduces Rich Authorisation Request (RAR) type checking

connect2id.com
1
92
Preview of the upcoming public JWE to multiple recipients connect2id.com/products/nimb…

JWE with multiple recipients

The general JSON serialisation of JWE supports encryption of a plaintext to multiple recipients, expressed in a single JSON object. The encryption...

connect2id.com
65
Connect2id@connect2id
22 Jul 2023
Examples show the new Nimbus JOSE JWT facility for sourcing JWKs with rate-limiting, caching, retrial and outage support connect2id.com/products/nimb…

Validating access tokens

OAuth 2.0 leaves the choice how to encode access tokens up to implementers. The signed JSON Web Token (JWT) has become the most popular encoding for...

connect2id.com
2
129
Connect2id@connect2id
17 Jul 2023
One recognised drawback of refresh token rotation is that it can lead to false positives for legitimate OAuth 2.0 clients with a slow or poor network connection. How to mitigate that? connect2id.com/blog/connect2…

Connect2id server 14.2 introduces reuse grace period for rotated refresh tokens

connect2id.com
1
1
103
Load more