Explore the evolution of OAuth and its modern security enhancements in this NDC Oslo 2020 conference talk. Delve into the proposed OAuth 2.1 standard and advanced OAuth-related techniques, including strong client authentication, proof-of-possession access tokens, resource indicators, and identity delegation. Learn about hardening authorization requests using JWTs (JAR) and pushed parameters (PAR). Discover the implementation of high-security OAuth features, rich authorization requests (RAR), and JWT secured authorization requests. Examine the weaknesses of bearer tokens and explore proof-of-possession methods, including Mutual TLS (MTLS) and sender-constrained access tokens. Gain insights into creating and configuring X.509 client certificates, setting up MTLS endpoints, and implementing certificate authentication handlers. Understand how to enable MTLS in IdentityServer and verify access token ownership at the resource server level. By the end of this talk, acquire a comprehensive understanding of OAuth's latest security improvements and their practical applications in modern authentication scenarios. Read more