• Federated authentication
• What is SAML
• What is OIDC
• What is oAuth
• Authentication
• "Maturity Model": Explain local auth, directory auth, federated auth
• #4
• #3
• Identity Management
• SCIM
• Authorization
• RBAC
• ABAC

References

• jwt.io
• https://fusionauth.io/dev-tools/jwt-decoder

Try https://github.com/cmfcmf/docusaurus-search-local for offline and online use

References

• https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

• Google Tag
• Configure docusaurus
• Install cookie consent banner
• Configure cookie consent banner
• Create a privacy policy

https://jsonenc.info/jss/1.0/

• Upload docusaurus
• Deploy to GH pages
• Setup custom domain

https://github.com/rossjrw/pr-preview-action

References

• https://fusionauth.io/platform/multi-tenant
• https://supertokens.com/blog/multi-tenancy-in-2024
• https://cloud.google.com/identity-platform/docs/multi-tenancy-authentication
• https://learn.microsoft.com/en-us/azure/architecture/guide/multitenant/considerations/identity
• https://auth0.com/docs/get-started/auth0-overview/create-tenants/multi-tenant-apps-best-practices

Questions

• What is multi-tenancy authentication?
• What is the difference between single tenant and multi-tenant authentication?
• What does multi-tenant mean?
• What is an example of a multi-tenant application?
• What is the difference between SaaS and multi-tenant?
  What are the three multi-tenancy models?

References:

• https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps#name-token-storage-in-the-browser
• Native: https://www.rfc-editor.org/info/rfc8252
• Refresh Tokens: https://datatracker.ietf.org/doc/html/rfc6749#section-10.4
• https://thenewstack.io/best-practices-for-storing-access-tokens-in-the-browser/
• https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/

References

• https://auth0.com/features/single-sign-on
• https://www.okta.com/blog/tag/enterprise-sso/
• (5) https://www.descope.com/learn/post/enterprise-sso
• (4) https://www.okta.com/products/single-sign-on/
• https://fusionauth.io/features/single-sign-on
• (1) https://www.miniorange.com/blog/enterprise-sso-single-sign-on/
• (2) https://www.evidian.com/products/enterprise-sso/

Questions

• What is Enterprise Single Sign-On?
• What is the difference between Web SSO and enterprise SSO?
• What does company SSO mean?
• What is enterprise sign in?
• What is the difference between app registration and enterprise application SSO?
• What type of SSO is Azure?

References

• https://github.com/go-jose/go-jose
• https://medium.com/apinizer/jose-json-object-signing-and-encryption-framework-aeefcf27775

1. RP-Initiated Logout (RP = Relying Party)

Purpose: Allows a Relying Party (the application/website using OIDC for authentication) to initiate the logout process for the end-user. This means the application signals to the OpenID Provider (OP) that the user's session should end.
Mechanism: The RP sends a logout request to the OP, which then invalidates the user's session. The OP can also optionally notify other RPs where the user is logged in to end their sessions as well.
Specification: OpenID Connect RP-Initiated Logout 1.0

2. Front-Channel Logout

Purpose: Informs other Relying Parties (RPs) that the user has logged out by redirecting the user's browser to each RP's registered logout URI.
Mechanism: After the OP invalidates the session, the user's browser is redirected to the RP's frontchannel_logout_uri along with parameters like iss (issuer) and sid (session ID). The RP then performs its own logout procedures (e.g., clearing cookies, invalidating local storage).
Specification: OpenID Connect Front-Channel Logout 1.0

3. Back-Channel Logout

Purpose: Similar to Front-Channel Logout, but it notifies other RPs directly through secure back-channel communication instead of redirecting the user's browser.
Mechanism: The OP sends logout requests directly to the RPs' registered backchannel_logout_uri. These requests typically include the iss and sid to identify the session to be terminated. RPs process the request and perform their internal logout procedures.
Specification: OpenID Connect Back-Channel Logout 1.0