Security Boulevard

OAuth Device Flow Vulnerabilities: A Critical Analysis of the 2024-2025 Attack Wave

The cybersecurity landscape witnessed a seismic shift in 2024-2025 as threat actors, led by groups like ShinyHunters (UNC6040), systematically exploited OAuth device authorization grant ...
Security Boulevard

The Enterprise Risk of OAuth Device Flow Vulnerabilities – And How SSOJet Solves It

Modern enterprises rely on dozens of SaaS, PaaS, and IaaS platforms, many of which bake authentication and access security deep into their products. But in 2025, a new wave of sophisticated phishing ...
GitHub

Refine scopes for the OAuth v2

I started using V2 in order to employ the auto OAuth flow. When I created a clientId in TS, I chose a reasonable set of scopes which I thought would cater for the tsdproxy to setup machines etc.
blockchain

GitHub Enhances Security with PKCE Support for OAuth and GitHub Apps

GitHub has introduced PKCE support for OAuth and GitHub App authentication, enhancing security by protecting authorization codes. The implementation follows OAuth 2.0 standard (RFC 7636). GitHub has ...
GitHub

JWT Header Validation Error in Supabase SDK v2.50.5 Breaks Google OAuth

I confirm this is a bug with Supabase, not with my own application. Supabase SDK v2.50.5 throws a TypeError: Window.fetch: [JWT_TOKEN] is an invalid header value ...