Sauvik Biswas

posts

works

travelogue

comics

oauth2-lab

about

now

Oauth2

27 Jun 2026

Token Exchange (On-Behalf-Of): Swapping Tokens for Downstream APIs

26 Jun 2026

Resource Indicators: Binding Tokens to a Specific API

22 Jun 2026

JWKS and RS256: Dropping the Shared JWT Secret

21 Jun 2026

Intermission: What Industry Ships and Who Gets Paid

20 Jun 2026

Adding OpenID Connect on Top of OAuth 2

17 Jun 2026

JWT Access Tokens: Local Validation Without the Introspection Hop

15 Jun 2026

Splitting the Auth Server from the Resource Server

13 Jun 2026

Refresh Tokens and Silent Re-authentication

10 Jun 2026

Using the Access Token on a Protected API

8 Jun 2026

Adding PKCE to Stop Authorization Code Interception

7 Jun 2026

Adding OAuth State to Stop CSRF

6 Jun 2026

Learning OAuth 2 by Building It, One Version at a Time

Powered by Hugo and tomfran/typo