标签「openid-connect」的文章

OAuth 2.1 and OpenID Connect: The Parts That Actually Confuse Everyone

A no-nonsense deep dive into OAuth 2.1 and OpenID Connect. Authorization Code + PKCE with real HTTP requests, token storage wars, refresh token rotation, OIDC discovery, multi-tenant identity, and the vulnerabilities that bite even experienced teams.