Comments:
I watched a lot of videos about the context and this is the most clear and satisfying explanation of them all. Thank you very very much.
Thanks a lot, Aaron. This is by far the best and comprehensive video I saw about these topics.
Nice 👍 Please post some videos on OIDC Single Sign on.
Excellent content!
Excellent! Thank you very much!
Thanks Aaron! This is the clearest explanation about oauth that I have seen
Very clear and concise. Thanks a bunch!
Fantastic video, thank you. In fact the only explanation of these concepts I could find that made sense.
Great video, thank you for clearly explaining this topic!!!
Also, where did you get that shirt? It is awesome!
By far the best explanation! 🙌
Thank you! You rock!
Fantastic explanation! Thank you!
Great explanation! Thanks
Excellently explained! Thanks!
Wow!!! This is SPOT ON. Thanks for the excellent presentation Aaron.
It was nicely done, Aaron! Excellent presentation and effortless communication!
that is soooo useful! )
great explanation, thanks!
Such a great presentation !!!!
Amazing explanation.
One more question: As mentioned in the use case, if the Access Token has 8 hours validity and during the registration/login the user gave consent for some explicit scopes (for example, vehicle data), the access token has the claims information, and if clients are checking the claims information and validity against the IDP token introspection endpoint and, based on the response, are letting the user use their API. What if, in the meantime, the user revokes some of the consent? The Access Token will still contain the previously given consent information, and if the client is based on the IDP token introspection response then critical service access will become accessible. Revoking the token and asking the user to log in again so a correct consent-based token can be generated can lead to a very bad user experience if the IDP has global logout & SSO. Any best practices here? Please share some. Thanks
Hi, I have a question regarding the Refresh Token use case, especially when we have unreliable clients (Native Apps). The new best practice about Refresh Tokens mentions that it should be replaced with each new token exchange request. So basically, with a new token exchange request, the client receives a new Refresh Token along with Access & ID Tokens. How should we tackle a logout scenario if the client is a mobile app? A mobile app can have a very unreliable network, and due to this the user can be logged out due to an expired token. Are there any best practices regarding this use case? Thanks in advance. Ok
Fantastic video!