Identity, OAuth 2.0 & OpenID Connect
Security patterns, threat models, and implementation guidance for teams adopting OAuth 2.0 and OIDC for authentication and authorization.
OAuth 2.0 Security Patterns
Choosing the right grant, storing tokens safely, rotating refresh tokens, and designing scopes narrowly all reduce the attack surface for identity and API access. We summarize the main threat vectors (token leakage, redirect manipulation, scope escalation) and the patterns that mitigate them in production: authorization code with PKCE, exact-match redirect URI registration, refresh token rotation with reuse detection, and least-privilege scopes.
Threat Models
A structured threat model for OAuth/OIDC deployments helps teams prioritize hardening: which components are in scope, what an attacker might target, and which controls are non-negotiable. Use our OAuth Threat Model template to run a lightweight assessment.
Reference Architectures
We outline reference architectures for B2B SaaS (tenant-aware identity, SSO), consumer apps (social + email, consent), and API-first products (machine-to-machine, scoped tokens). Each maps to common compliance and scale requirements.
Implementation Checklists
Before going live: PKCE (S256) for public clients, exact-match redirect URI validation, short-lived access tokens, refresh token rotation with reuse detection, and logging that redacts tokens and authorization codes. The OAuth Threat Model template includes an implementation checklist so you can validate your deployment.
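The checklist above, together with the token-leakage, redirect-manipulation and refresh-handling threats named under OAuth 2.0 Security Patterns, as one added Python example. This is not code from this page or its template; the AuthServer and TokenStore classes, the redact helper, the client id spa, the redirect URI https://app.example/cb and the fixed timestamp are illustrative assumptions, and the in-memory dictionaries stand in for whatever store a real authorization server uses.

```python
# Added example, not code from the original page. AuthServer, TokenStore, redact,
# the sample client, redirect URI and timestamp are assumptions, not a real AS.
import base64
import hashlib
import re
import secrets

def _b64url(data: bytes) -> str:  # RFC 7636: base64url, no padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_pkce_pair():
    # Client side: 32 random bytes give a 43-char code_verifier; challenge is S256.
    verifier = _b64url(secrets.token_bytes(32))
    return verifier, _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def pkce_ok(verifier: str, challenge: str) -> bool:
    # Server side: enforce RFC 7636 length, recompute S256, compare in constant time.
    return 43 <= len(verifier) <= 128 and secrets.compare_digest(
        _b64url(hashlib.sha256(verifier.encode("ascii")).digest()), challenge)

class TokenStore:
    """Short-lived access tokens; refresh token rotation with reuse detection."""
    def __init__(self, access_ttl=300):
        self.access_ttl = access_ttl
        self.families = {}    # family id -> {"subject", "current", "revoked"}
        self.by_refresh = {}  # every refresh token ever issued -> family id
    def issue(self, subject, now, family=None):
        family = family or secrets.token_urlsafe(16)
        refresh = secrets.token_urlsafe(32)
        self.families[family] = {"subject": subject, "current": refresh, "revoked": False}
        self.by_refresh[refresh] = family
        return {"access_token": secrets.token_urlsafe(32),
                "expires_at": now + self.access_ttl, "refresh_token": refresh}
    def rotate(self, refresh, now):
        family = self.by_refresh.get(refresh)
        if family is None:
            raise PermissionError("unknown refresh token")
        state = self.families[family]
        if state["revoked"]:
            raise PermissionError("refresh token family revoked")
        if state["current"] != refresh:
            # A superseded token came back: someone holds a copy, so revoke the whole family.
            state["revoked"] = True
            raise PermissionError("refresh token reuse detected; family revoked")
        return self.issue(state["subject"], now, family=family)

class AuthServer:
    """Auth code flow for a public client: S256 PKCE, single-use codes, exact redirect_uri match."""
    def __init__(self, registered, store):
        self.registered = registered  # client_id -> set of exact redirect URIs
        self.store = store
        self.codes = {}
    def authorize(self, client_id, redirect_uri, challenge, method, subject):
        if redirect_uri not in self.registered.get(client_id, ()):
            raise PermissionError("redirect_uri not registered (exact match only)")
        if method != "S256":
            raise PermissionError("only S256 PKCE is accepted")
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, challenge, subject)
        return code
    def token(self, code, client_id, redirect_uri, verifier, now):
        entry = self.codes.pop(code, None)  # single use, even when the attempt fails
        if entry is None or entry[:2] != (client_id, redirect_uri):
            raise PermissionError("invalid authorization code")
        if not pkce_ok(verifier, entry[2]):
            raise PermissionError("PKCE verification failed")
        return self.store.issue(entry[3], now)

TOKEN_RE = re.compile(r"(?i)(bearer\s+|(?:access_token|refresh_token|code)=)([A-Za-z0-9._~-]+)")

def redact(line: str) -> str:
    # Blank out token and code values before a request line reaches the log.
    return TOKEN_RE.sub(lambda m: m.group(1) + "[REDACTED]", line)

def demo():
    """Run the checklist against an attacker's moves; returns what the server refused."""
    store, r = TokenStore(access_ttl=300), {}
    srv = AuthServer({"spa": {"https://app.example/cb"}}, store)
    now, cb = 1_700_000_000, "https://app.example/cb"  # constructed values, not live
    verifier, challenge = make_pkce_pair()
    def blocked(fn):  # True when the server refused the attempt
        try:
            fn()
        except PermissionError:
            return True
        return False
    r["open_redirect"] = blocked(lambda: srv.authorize("spa", cb + "/../x", challenge, "S256", "alice"))
    code = srv.authorize("spa", cb, challenge, "S256", "alice")
    tokens = srv.token(code, "spa", cb, verifier, now)
    r["access_ttl"] = tokens["expires_at"] - now
    r["code_replay"] = blocked(lambda: srv.token(code, "spa", cb, verifier, now))
    code2 = srv.authorize("spa", cb, challenge, "S256", "alice")
    r["stolen_code_no_verifier"] = blocked(lambda: srv.token(code2, "spa", cb, "x" * 43, now))
    rotated = store.rotate(tokens["refresh_token"], now + 60)
    r["refresh_reuse"] = blocked(lambda: store.rotate(tokens["refresh_token"], now + 120))
    r["family_revoked"] = blocked(lambda: store.rotate(rotated["refresh_token"], now + 180))
    r["log_line"] = redact(f"POST /token refresh_token={tokens['refresh_token']} "
                           f"Authorization: Bearer {tokens['access_token']}")
    return r
```

Calling demo() walks one public client through the flow and records, for each attacker move, whether the server refused it: a redirect that merely shares a prefix with the registered URI, a replayed authorization code, a stolen code presented without the matching code_verifier, and a refresh token replayed after rotation (which also cuts off the legitimate holder of the family, the intended trade-off of reuse detection). The redirect check is a plain string equality against registered values rather than prefix or pattern matching, because prefix matching is what open-redirect and path-traversal variants exploit. The redact helper is applied to the request line before it is logged, so neither bearer tokens, refresh tokens nor authorization codes reach log storage.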