Hyperstella

What is OAuth 2.0? OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices. This informational guide is geared towards application developers, and provides an overview of OAuth 2 roles, authorization grant types, use cases, and flows. This specification and its extensions are being developed within the  IETF OAuth Working Group . How does Social Login work? Social Login is a simple process, with the following steps. The user enters your application and selects the desired social network provider. A login request is send to the social network provider. Once the social network provider confirms the user’s ide...

Implementation of the Double Submit Cookie Pattern is bit similar to the implementation of the Synchronizer Token Pattern. So before reading this post, It is better to read the last post about the "implementation of Synchronizer Token Pattern". The link for the previous post is as fallows https://hyperstella.blogspot.com/2018/05/cross-site-request-forgery-protection.html Double submit cookie pattern does not store the token value in the server side.It store the token value inside the cookie in the client side. In this post we are going to show the implementation process of  Double Submit Cookie Pattern , You can see a sample project (Github) :-  https://github.com/MalikDilsh/Cross-site-Request-Forgery-protection-in-web-applications-via-Double-Submit-Cookies-Patterns Step 1: First of all you have to  Create a web application similar to the Synchronizer Token Pattern. Because the implementation process of the double submit cookie pattern is mostly equal, ther...

What is Cross-site request forgery?   Cross-site request forgery , also known as  one-click attack  or  session riding  and abbreviated as  CSRF  or  XSRF , is a type of malicious  exploit  of a  website  where unauthorized commands are transmitted from a  user  that the web application trusts. Let’s take a look at a concrete example to get a better understanding. Assume that your bank’s website provides a form that allows transferring money from the currently logged in user to another bank account. For example, the HTTP request might look like: POST /transfer HTTP/1.1 Host: bank.example.com Cookie: JSESSIONID=randomid; Domain=bank.example.com; Secure; HttpOnly Content-Type: application/x-www-form-urlencoded amount=100.00 & routingNumber=1234&account=9876 Now pretend you authenticate to your bank’s website and then, without logging out, visit an evil website. The evil website contains an HTML page...