One recognised drawback of refresh token rotation is that it can lead to false positives for legitimate OAuth 2.0 clients with a slow or poor network connection. How to mitigate that? connect2id.com/blog/connect2i…

Examples show the new Nimbus JOSE+JWT facility for sourcing JWKs with rate-limiting, caching, retrial and outage support connect2id.com/products/nimbu…

Preview of the upcoming public JWE to multiple recipients connect2id.com/products/nimbu…

In #OAuth RAR the JSON objects that express the "authorization_details" have an explicit "type" to aid their parsing and validation. Connect2id server deployments can now check the RAR types in requests automatically, plugin code is no longer needed connect2id.com/blog/connect2i…

#OAuth DPoP becomes RFC 9449 rfc-editor.org/rfc/rfc9449.ht…

The redirect_uri validation in the #OAuth SDK incorporates new lessons from the OAuth Security Workshop 2023 connect2id.com/products/nimbu…

Thanks to the generous contribution of Egor Puzanov the Nimbus JOSE+JWT lib can how handle JSON Web Encryption (JWE) to multiple recipients connect2id.com/products/nimbu…

Another contribution in Nimbus JOSE+JWT 9.32 is EC JWS / JWT support for the Android biometric or PIN prompt. Credits Stian Svedenborg connect2id.com/products/nimbu…

v10.15 of the #OAuth / #OpenID Connect SDK received an important fix that affected client X.509 certificate extraction in Jakarta Servlet deployments. Credits Jesper Öst connect2id.com/products/nimbu…

You can now use #AWS CloudHSM to secure and verify JWTs with the HMAC-based HS256, HS384 and HS512 JWS algorithms. Credits Ulrich Winter connect2id.com/products/nimbu…

The #OAuth / #OpenID Connect SDK can now work with custom HTTP clients, such as #Apache HttpClient or OkHttp connect2id.com/products/nimbu…

The #Redis connector in the Connect2id server gets a sweeping update. The maximum concurrent session quota is per user is increased from 10 to 25. connect2id.com/blog/connect2i…

Every now and then developers ask us how the Nimbus JOSE+JWT library maps between JSON entities and Java classes connect2id.com/products/nimbu…

Connect2id server 14.9 introduces automatic purge scan rate limiting for deployments with #AWS DynamoDB connect2id.com/blog/connect2i…

The x.509 cert chain meets the #openid trust chain, OpenID Foundation JP summit Tokyo 🇯🇵 2024 connect2id.com/blog/the-openi…

The #OAuth 2.0 #JWT authZ grant (RFC 7523), somewhat of a mystery to developers, has great utility for backend services that need user-linked access tokens connect2id.com/products/serve…

The much anticipated STS API to ease federated logins with the Connect2id server is here connect2id.com/blog/connect2i…