Alexander SchwartzFeb 25, 2025

New videos about #OpenIDConnect and #Keycloak from #FOSDEM 2025

Several talks have been recorded, and are now available online to re-watch. See our blog post for the list of talks and developer rooms:
https://www.keycloak.org/2025/02/recordings-available-fosdem

New videos about OpenID Connect and Keycloak from FOSDEM 2025

Several talks regarding OpenID Connect and Keycloak and have been recorded, and are now available online to re-watch.

Keycloak
Show threadherbert77

@ahus1

a remark about your talk:
"Using DPoP to use access tokens securely in your Single Page Applications"
https://fosdem.org/2025/schedule/event/fosdem-2025-5370-using-dpop-to-use-access-tokens-securely-in-your-single-page-applications/

in this presentation https://www.youtube.com/watch?v=OpFN6gmct8c&t=1723s
@PhilippeDeRyck

explains that DPoP can not mitigate the problem that an attacker in the position to execute JavaScript (XSS) can get their own access token regardless how well protected the DPoP keys are because the attacker can use their own DPoP keys to get new access tokens.

Would you disagree?

FOSDEM 2025 - Using DPoP to use access tokens securely in your Single Page Applications

Mar 4, 2025 at 12:58amWeb