zlacker

[parent] [thread] 4 comments
1. xenoph+(OP)[view] [source] 2024-12-26 19:35:01
I've always wanted to write a serverless OIDC provider/SAML IdP but got stymied by the WebAuthn standards, which don't seem to be written for normal people. :( But this e-book looks like it might have enough actual code interleaved with exposition to serve as more than just a high-level intro.
replies(3): >>caust1+v1 >>cybera+Nb >>nmadde+fT
2. caust1+v1[view] [source] 2024-12-26 19:52:44
>>xenoph+(OP)
Adam Langley is probably one of the most gifted teachers when it comes to explaining cryptography concepts. Very clear, concise, precise, and makes it simple enough for me to follow without getting my neurons all knotted up.
replies(1): >>jf+R1
◧◩
3. jf+R1[view] [source] [discussion] 2024-12-26 19:56:56
>>caust1+v1
Agreed, I implemented TLS key pinning for a project at Okta using one of Adam's blog posts
4. cybera+Nb[view] [source] 2024-12-26 21:25:01
>>xenoph+(OP)
OIDC providers are surprisingly NOT complicated! I created one to implement single sign-on with AWS, and it ended up being only around 200 lines of code in Go. All you need to do is create a JSON blob that is signed by a public key that is known to the consumer of the IDP.

I'll need to do a write-up for it.

5. nmadde+fT[view] [source] 2024-12-27 08:04:58
>>xenoph+(OP)
Yes, the WebAuthn spec is pretty unreadable. Every time I open it I feel like I’m lost in a maze of twisty hyperlinks, all alike.
[go to top]