Security Boulevard

OAuth 2.0 Overview

Ever clicked a “Login with Google” button or granted a new photo app permission to access your Dropbox files? If so, you’ve already experienced OAuth 2.0 — even if you didn’t realize it at the time.
GitHub

GitHub OAuth tutorial references removed session/cookie API documentation

Commit 5dbdccc in #1801 significantly overhauled the Sessions section documentation. While this appears to align with making Lucia a more general authentication guide, it has created a documentation ...
Bleeping Computer

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary ...
marktechpost

Implementing OAuth 2.1 for MCP Servers with Scalekit: A Step-by-Step Coding Tutorial

In this tutorial, we’ll explore how to implement OAuth 2.1 for MCP servers step by step. To keep things practical, we’ll build a simple finance sentiment analysis server and secure it using Scalekit, ...
Security Boulevard

SAML vs OAuth 2.0 – What’s the Difference? A Practical Guide for Developers

In the world of identity and access management (IAM), two protocols often come up during system design or vendor selection: SAML 2.0 and OAuth 2.0. While both serve to secure access, they solve ...
CSOonline

What is OAuth? How the open authorization framework works

Since the beginning of distributed personal computer networks, one of the toughest computer security nuts to crack has been to provide a seamless, single sign-on (SSO) access experience among multiple ...
Cloud Security Alliance

When OAuth Tokens Go Rogue: Lessons from the Salesloft–Drift Breach

In August 2025, attackers exploited the Salesloft-Drift OAuth integration to compromise over 700 organizations’ Salesforce instances. This wasn’t a direct vulnerability in Salesforce, but rather an ...