
You missed the obvious: using OAuth2 without TLS =)

And the paranoid part of my brain suggests that using OAuth1.0a is still preferred even if over TLS



This is another kind of threat, but yes, MITM is game over for OAuth2



