all InfoSec news
Why Azure B2C ROPC Custom Flows Are Inherently Insecure
Blog - Praetorian www.praetorian.com
Microsoft’s Azure Active Directory B2C service allows cloud administrators to define custom policies, which orchestrates trust between principals using standard authentication protocols. One such custom policy that B2C defines by default is the Resource Owner Password Credentials (ROPC) flow, which implements the OAuth standard authentication flow of the same name and allows users to simply […]
The post Why Azure B2C ROPC Custom Flows Are Inherently Insecure appeared first on Praetorian.
active directory administrators api authentication authentication protocols azure azure active directory b2c cloud cloud security credentials default directory flow insecure microsoft name oauth password policies policy protocols resource service standard tools & techniques trust