TL;DR: As part of a system to report the time I’ve worked on an issue from TimeDoctor to JIRA, I’m doing the OAuth2 dance using Selenium and PhantomJS (effectively doing what OAuth2 without a password grant tries to avoid… having the application know the user password).

Doing authentication and authorization of an AngularJS application with a C# backend, using signed tokens… I thought a lot about security; is it enough? I’m not sure, but I surely like this article :)