#
Hashtag
#oAuth
Preview
GitHub - kareem2099/dotshare-auth-server Contribute to kareem2099/dotshare-auth-server development by creating an account on GitHub.

10/10

Auth server + extension both open source
github.com/kareem2099/dotshare-auth-server
github.com/kareem2099/DotShare
#opensource #typescript #oauth #vscode #nextjs

3 0 0 0
Preview
GitHub - codeninja/oauth-cli-coder: Seamlessly interact with CLI coders (Claude, Gemini, Codex) via tmux TUI sessions. Seamlessly interact with CLI coders (Claude, Gemini, Codex) via tmux TUI sessions. - codeninja/oauth-cli-coder

My solution to Anthropic #oAuth restrictions when using #Openclaw is a persistent headless tmux session which exercised Claude Code, Gemini, and Codex code agents within their own terminal.

github.com/codeninja/oa...

It's just like being at the terminal.

0 0 0 0
Preview
AIStudio SaaS Backend Development PHP & JavaScript Projects for ₹1500-12500 INR. I have already prototyped the front-end of my SaaS product in AIStudio and now need a production-ready backend that plugs i



#API #Development #Backend #Development #Database #Design #JavaScript #MySQL #OAuth #PHP #Software


2 0 0 0
Preview
UCS, SSO & LDAP Integration / READ FIRST Automation & Linux Projects for $30-250 USD. ONLY specialists are needed. I do a small technical questionnaire because there are many low level people here, which pretend t



#Automation #Cloud #Security #Linux #Network #Security #OAuth #Technical #Documentation #Troubleshooting #Web


0 0 0 0
Preview
Alleged Dataset Leak of Canva Exposes 900,000 User Records With Bcrypt Passwords, OAuth Providers, and Design Platform Usage Data A threat actor known as xorcat has posted an alleged Canva dataset containing 900,000 user records as a free download on an online forum, accompanied by a 20-record sample to demonstrate authenticity. The dump includes bcrypt ($2y$10$) hashed passwords, OAuth provider links (Google/Facebook/Email), account identifiers, and platform usage metadata that could...

A threat actor named xorcat leaked an alleged Canva dataset with 900,000 user records, including bcrypt hashed passwords, OAuth links, account IDs, and platform usage data exposing enterprise and third-party accounts. #DataLeak #OAuth #Australia

0 0 0 0
Preview
🔐 Modernizing .NET — Part 18: OAuth Authentication in ASP.NET Core Master the transition to OAuth in ASP.NET Core, from reverse proxy scheme detection to legacy redirect URI handler overrides.

Modernizing .NET Part 18! 🔐

Today we’re tackling OAuth in ASP.NET Core.

✅ Reverse proxy scheme detection
✅ Legacy redirect URI overrides
✅ Scalable, cloud-native auth

medium.com/@michael.kop...
#dotnet #csharp #security #oauth #aspnetcore #aspnet

0 0 0 0
You're Missing At Least Five


#Oauth #authentication #Webdev #saas #security

programmerhumor.io/webdev-memes/youre-missi...

1 0 1 0

Somehow I just implemented an #OAuth login method for the first time in my 5 years as a web dev. I'd only ever done email + password auth before (with all the expected security measures). I guess better late than never. Having a great experience with Better Auth!

#webdev #coding #React #JavaScript

0 0 0 0
Preview
🔐 Secure, Scale, and Trade: Building an Enterprise-Grade API Token Marketplace In today's API-driven economy, authentication tokens are the currency that powers integrations, microservices, and third-party applications. But as organizations scale, managing these tokens becomes a complex logistical and security challenge. Enter token sprawl: lost keys, unauthorized access, and a lack of centralized oversight.

"🔐 Secure, Scale, and Trade: Building an Enterprise-Grade API Token Marketplace" by Michael G. Inso

#github #authentication #oauth #authorization #openai-gpt

0 0 0 0
Preview
Software development with integrated communication tools - 23/03/2026 16:21 EDT Python & API Development Projects for $250-750 USD. I am looking for a developer able to build custom software and enrich it, throughout the year, with



#API #API #Development #Docker #Kubernetes #Node.js #OAuth #PostgreSQL #Python


0 0 0 0
Preview
Auth0 AWS Amplify Gen2: OIDC Authorization for AppSync via Identity Pool Federation This guide walks through integrating Auth0 with AWS Amplify Gen2 using Cognito Identity Pool Federation and OIDC authorization for AppSync, covering the critical steps — such as CDK-level OIDC provider setup, custom credentialsProvider and tokenProvider implementation, and Auth0 domain format handling — that are missing from the official documentation.

"Auth0 AWS Amplify Gen2: OIDC Authorization for AppSync via Identity Pool Federation" by Kihara, Takuya

#aws-amplify #oauth #authentication #authorization #appsync

0 0 0 0
Preview
Hello Microsoft Identity Platform Hello, Microsoft identity platform!

ICYMI: (06/12/2020): "Hello Microsoft Identity Platform." RPs and feedback are always appreciated! https://jjg.me/3feJbfC #Articles #Azure #Identity #WebAPI #Api #OAuth #MSAL #Managed Identity #Entra

0 0 0 0
Preview
GitHub - stefanbohacek/auth-server Contribute to stefanbohacek/auth-server development by creating an account on GitHub.

Any fediverse developers with too much free time on their hands interested in helping me figure out why, when logging in with a Friendica account, I get an "Unprocessable Entity" error?

https://github.com/stefanbohacek/auth-server

#fediverse #oauth #fedidevs #nodejs #opensource

2 1 2 0
Preview
Matt Glaman Examines OAuth Scope and Permission Mismatch in Drupal A new blog post by Matt Glaman examines how Drupal’s permission system behaves under OAuth authentication, highlighting a mismatch between administrative permissions and scope-based access checks. The analysis explains why certain operations fail und...

Matt Glaman explores OAuth scope mismatches in Drupal permissions.

Shows how Simple OAuth differs from internal access handler logic.

Suggests Access Policy in Drupal 10.3 to align permission checks.
https://bit.ly/4uynzSZ

#Drupal #OAuth #WebDev #OpenSource

0 0 0 0

New phishing campaigns are abusing OAuth flows to gain persistent access without stealing credentials.

Even password resets don’t kick attackers out.

Identity security now includes managing tokens & app permissions.

www.helpnetsecurity.com/2026/03/weap...

#CyberSecurity #OAuth #IdentitySec

0 1 0 0
Preview
[DEEP RESEARCH] Who’s Most Likely to Abuse MCP Integrations? UNC3944, TraderTraitor, UNC6293 Three intrusion sets already excel at getting users to approve tools and auth flows. This assessment is probabilistic: it highlights who is best positioned to adapt that tradecraft to MCP-style…

Happy almost St. Paddy’s—don’t let users “approve” MCP tools like free green beer. UNC3944/TraderTraitor/UNC6293 win by *permission*, not exploits. ☘️🧨

Skim the playbook (then subscribe): blog.alphahunt.io/deep-researc...

#AlphaHunt #CyberSecurity #AI #OAuth

1 0 0 0
Preview
Hackers Abuse OAuth Flaws for Microsoft Malware Delivery

Microsoft has warned that hackers are weaponizing OAuth error flows to redirect users from trusted Microsoft login pages to malicious sites that deliver malware. The campaigns, observed by Microsoft Defender researchers, primarily target government and public-sector organizations using phishing emails that appear to be legitimate Microsoft notifications or service messages. By abusing how OAuth 2.0 handles authorization errors and redirects, attackers are able to bypass many email and browser phishing protections that normally block suspicious URLs. This turns a standards-compliant identity feature into a powerful tool for malware distribution and account compromise.

The attack begins with threat actors registering malicious OAuth applications in a tenant they control and configuring them with redirect URIs that point to attacker infrastructure. Victims receive phishing links that invoke Microsoft Entra ID authorization endpoints, which visually resemble legitimate sign-in flows, increasing user trust. The attackers craft these URLs with parameters for silent authentication and intentionally invalid scopes, which trigger an OAuth error instead of a normal sign-in. Rather than breaking the flow, this error causes the identity provider to follow the standard and redirect the user to the attacker-controlled redirect URI.

Once redirected, victims may land on advanced phishing pages powered by attacker-in-the-middle frameworks such as EvilProxy, allowing threat actors to harvest valid session cookies and bypass multi-factor authentication. Microsoft notes that the attackers misuse the OAuth “state” parameter to automatically pre-fill the victim’s email address on the phishing page, making it look more authentic and reducing friction for the user. In other cases, the redirect leads to a “/download” path that automatically serves a ZIP archive containing malicious shortcut (LNK) files and HTML smuggling components. These variations show how the same redirection trick can support both credential theft and direct malware delivery.

If a victim opens the malicious LNK file, it launches PowerShell to perform reconnaissance on the compromised host and stage the next phase of the attack. The script extracts components needed for DLL side-loading, where a legitimate executable is abused to load a malicious library. In this campaign, a rogue DLL named crashhandler.dll decrypts and loads the final payload crashlog.dat directly into memory, while a benign-looking binary (stream_monitor.exe) displays a decoy application to distract the user. This technique helps attackers evade traditional antivirus tools and maintain stealthy, in-memory persistence.

Microsoft stresses that these are identity-based threats that exploit intended behaviors in the OAuth specification rather than exploiting a software vulnerability. The company recommends tightening permissions for OAuth applications, enforcing strong identity protections and Conditional Access policies, and applying cross-domain detection that correlates email, identity, and endpoint signals. Organizations should also closely monitor application registrations and unusual OAuth consent flows to spot malicious apps early. As this abuse of standards-compliant error handling is now active in real-world campaigns, defenders must treat OAuth flows themselves as a critical attack surface, not just a background authentication detail.

Hackers Abuse OAuth Flaws for Microsoft Malware Delivery #Microsoft #OAuth #Phishingemail

0 0 0 0
Video

Setting up OAuth flows sucks. Every API integration = 3 hours of auth boilerplate.

Clamper ships with pre-built OAuth for Google, GitHub, Notion, Stripe, Slack, Discord. Just plug in your keys.

From 3 hours to 3 minutes. 95% faster.

Try Clamper: clamper.tech

#OpenClaw #AIAgents #OAuth #Develo...

1 0 0 0

OAuth 2.0 is the standard for authorization. Delegated access without sharing passwords. Google, Facebook, GitHub all use it. Standards enable ecosystems.

#oauth #security

0 0 0 0
Post image

Bearer tokens can be replayed.

Quarkus 3.32 introduces DPoPNonceProvider so you can enforce single-use nonces and stop replay attacks in your Java APIs.

I built the full challenge-response flow with Keycloak + Dev Services.

Here’s the guide:
buff.ly/mZX26pw

#Quarkus #Java #Security #OAuth

7 4 0 0
Preview
Securing AI Coding Agents with Real-Time Just-In-Time Authorization: Claude Code and GitHub Copilot CLI | Martin Besozzi But one key question is still largely unanswered: > Who approves critical actions when an AI agent decides to execute them? At TwoGenIdentity, we built a working implementation of Just-In-Time (#JIT)...

Now you can implement Just-In-Time #Authorization in #Claude #Code with Human-in-the-Loop (#HITL) #MCP #Elicitation
Demoing our implementation based on #open #standards, where #OAuth native authz occurs in real time, producing a cryptographic proof bound to that operation
www.linkedin.com/posts/embeso...

1 0 0 0
Post image

Cyber attackers are exploiting OAuth's Device Code Flow to hijack Microsoft 365 accounts without stealing passwords. Stay vigilant and implement robust security measures. #CyberSecurity #Phishing #OAuth Link: thedailytechfeed.com/phishing-att...

2 0 0 0
Error message from Claude Code when I didn't manage to copy the OAuth URL to another machine, paste it into my browser, get the response from their (very slow) server, copy that back to the first machine and paste it back  into the session in under 15 seconds. 

Login
OAuth error: timeout of 1500@ms exceeded


I hate it when people think OAuth is the only way to do things. Fine, if you are a web app running in a browser and using a third party service where your users don't want to let you see their credentials.

But, for a first party CLI app, perhaps making me […]

[Original post on mastodon.social]

1 0 0 0

Spring forward—your “AI coworker” will happily approve-to-exfil. Watch NEW OAuth trust events + device-code logins; endpoint IOCs are for nostalgic people. 🔥🕵️

#AlphaHunt #CyberSecurity #AI #OAuth

0 0 1 0
Preview
foojay – a place for friends of OpenJDK foojay is the place for all OpenJDK Update Release Information. Learn More.

DPoP: What It Is, How It Works, and Why Bearer Tokens Aren’t Enough

#bearer #cryptography #dpop #java #oauth #security #token

foojay.io/today/dpop-wh...

1 1 0 0
Video

Working implementation 🚀 of Just-In-Time (#JIT) #Authorization for #AI #Agents
Our pattern, MCP-Native Authorization (MCP-NA), combines #OAuth 2.0 first-party interactive flows with #MCP #elicitation metadata to enable AI agents to orchestrate Human-In-The-Loop (#HITL) steps
Copilot MCP App demo👇

0 0 0 0
Preview
foojay – a place for friends of OpenJDK foojay is the place for all OpenJDK Update Release Information. Learn More.

Bearer tokens have a security problem - they can be stolen and replayed. DPoP offers a better approach by binding tokens to cryptographic keys. Hüseyin Akdoğan explains how it works and why you should care.

foojay.io/today/dpop-w...

#security #oauth #java

3 1 0 0
Preview
Invite Guest users in a Entra ID Multi-tenant setup This post looks at implementing a guest user invite in a cross tenant setup. This is useful when creating partner tenants using an Entra ID MAU license for all partner guests and members. This make…

Blogged: Invite Guest users in a Entra ID Multi-tenant setup

damienbod.com/2026/03/09/i...

#graph #entra #mau #identity #iam #entraid #oauth #openidconnect #oidc #security

2 0 0 0

LaraFoundry supports 3 OAuth providers out of the box:
Google, Facebook, Twitter.

One controller. One callback. Remember me works across all of them.

No Auth0. No Firebase. Pure Laravel Socialite.

#LaraFoundry #Laravel #OAuth #SaaS

3 0 0 0