OAuth ("Open Authorization") is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon,Google, Facebook, Microsoft, and Twitter to permit the users to share information about their accounts with third-party applications or websites.
Generally, OAuth provides clients a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without providing credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server. In particular, OAuth 2.0 provides specific authorization flows for web applications, desktop applications, mobile phones, and smart devices.
OAuth 2.0 has been analyzed using formal web protocol analysis. This analysis revealed that in setups with multiple authorization servers, one of which is behaving maliciously, clients can become confused about the authorization server to use and may forward secrets to the malicious authorization server (AS Mix-Up Attack).This prompted the creation of a new best current practice internet draft that sets out to define a new security standard for OAuth 2.0. Assuming a fix against the AS Mix-Up Attack in place, the security of OAuth 2.0 has been proven under strong attacker models using formal analysis.
Monday 27 June 2022
OAuth
Typescript
TypeScript is a programming language developed and maintained by Microsoft. It is a strict syntactical superset of JavaScript, adding optional static typing to the language. It is designed for the development of large applications and transpiles to JavaScript.
It may be used to develop JavaScript applications for both client-side and server-side execution (as with Node.js or Deno). Multiple options are available for transpilation. The default TypeScript Compiler can be used, or the Babel compiler can be invoked to convert TypeScript to JavaScript.
TypeScript provides static typing through type annotations to enable type checking at compile time. This is optional and can be ignored to use the regular dynamic typing of JavaScript.
function add(left: number, right: number): number {
return left + right;
}
The annotations for the primitive types are number, boolean and string. Typescript also supports data types with the following annotations: Array, Enums and void.
Additional data types are: Tuple, Union, never and any. An array with predefined data types at each index is Tuple type. A variable that holds more than one type of data is Union type. When you are sure that something is never going to occur you use never type. Weakly- or dynamically-typed structures are of any type.
Tuesday 14 June 2022
understanding how JSON handles integers and strings
In JSON, values must be one of the following data types:
- a string
- a number
- an object (JSON object)
- an array
- a boolean
- null
JSON values cannot be one of the following data types:
- a function
- a date
- undefined
Strings in JSON must always be in double quotes.
Example
{"name":"John"}
Numbers can be either an integer or a floating point.
Example
{"age":30}
JSON also supports objects, following the JSON syntax:
"obj name": {"field":value}
if value is a string, must be between double quotes.
"obj name": {"field":"string Value"}
The following is an example to illustrate both integers and strings
<!DOCTYPE html>
<html>
<body>
<p id="test"> </p>
<script>
var mytxt='{"emp":[' +
'{"name":"paul","surname":"smith","age":25,
"admission":2015},'+
'{"name":"maria","surname":"sheeva","age":20,
"admission":2016},'+
'{"name":"jon","surname":"shiv","age":27,
"admission":2012}]}';
var obj = eval ("(" + mytxt + ")");
document.getElementById("test").innerHTML =
obj.emp[1].name+ " " + obj.emp[1].surname + " " +
obj.emp[1].age + obj.emp[1].admission;
document.getElementById("test").innerHTML =
obj.emp[0].age + obj.emp[1].age + " " +
obj.emp[2].age;
document.getElementById("test").innerHTML =
obj.emp[2].admission + obj.emp[0].admission +
obj.emp[1].admission;
</script>
</body>
</html>
The output of the code above will be 6043, since document.getElementById receives whatever the containers obj.emp[2].admission, obj.emp[0].admission and obj.emp[1].admission hold, adding up the integer values passed in the parameters (2015+2016+2012)