OAuth Tokens Are Not Passwords: Revision history

From PiRho Knowledgebase
Jump to navigationJump to search

Diff selection: Mark the radio buttons of the revisions to compare and hit enter or the button at the bottom.
Legend: (cur) = difference with latest revision, (prev) = difference with preceding revision, m = minor edit.

20 April 2026

  • curprev 05:3505:35, 20 April 2026 Dex talk contribs 4,465 bytes +4,465 Created page with "= OAuth Tokens Are Not Passwords = == Channels, Capabilities, and Risk in OAuth 2.0 Systems == '''Summary:''' OAuth 2.0 access tokens are frequently treated as drop-in replacements for Basic Authentication credentials. While this can appear convenient, it collapses important architectural boundaries and recreates many of the very risks OAuth was designed to avoid. This article explains why OAuth access tokens should be treated as channel-bound capability documents, an..."