XSRF (CSRF) Protection - Double Submit Cookie

Introduction: If storing the CSRF token in the session (Synchronizer Token) is problematic because the user base is large, an alternative defense is the use of a double submit cookie. A...

XSRF (CSRF) Protection - Synchronizer Token Pattern

Introduction: This is the most popular implementation to prevent Cross-site Request Forgery (CSRF); it makes use of a challenge token that is associated with a particular user which...

Accessing Facebook's Graph API via our Access Token

Introduction: The previous post on OAuth discussed the authorization procedure for accessing protected resources from a resource server. Here, in this post, we'll actually implement code to access...

Environment Setup for OAuth and XSRF Demonstrations

Introduction: The implementations described in the previous posts listed below were built in the Laravel PHP Framework running on the Apache web server. XSRF (CSRF) Protection – Double Submit Cookie...

Demonstrating OAuth 2.0 using Facebook's Graph API

Introduction: OAuth 2.0 is regarded as the industry-standard protocol for authorization. It works by delegating user authentication to the service that hosts the user account (the trusted identity provider), and authorizing third-party...