5 Best Practices To Secure Single Sign-On Systems
CSO Online, July 14th, 2020
July 26, 2020, Volume 268, Issue 4
"The recent 'Sign in with Apple' vulnerability earned a researcher $100,000 as a part of Apple's bug bounty program. The flaw itself arose from an OAuth-style implementation that did not properly validate JSON Web Token (JWT) authentication between requests. This would have allowed a malicious actor to 'Sign in with Apple' using anyone's Apple ID..."