We're proud to announce that principal consultant Justin Richer's first book, OAuth 2 In Action, is now available everywhere! This comprehensive technical book covers the OAuth 2.0 protocol across all its different components, including hands-on implementations and exercises. Co-author Antonio Sanso has provided excellent coverage of OAuth 2's vulnerabilities and what to do about them in real deployment environments. Later chapters cover OpenID Connect, JOSE/JWT, UMA, and a variety of topics around the OAuth protocol.
Bespoke Engineering is an independent consulting company specializing in internet identity, cross-domain security, software engineering, and systems architecture. We strongly believe in the power of open standards and open source software and have many years of direct experience in both.
Founder and principal consultant Justin Richer is a respected contributor to open standards specifications and open source implementations. He is the editor of OAuth Dynamic Client Registration (RFC7591), OAuth Dynamic Client Registration Management (RFC7592), OAuth Token Introspection (RFC7662), and Vectors of Trust (RFC8485). He is the author of OAuth 2 In Action along with Antonio Sanso.
Justin's security blog is available online and is updated somewhat regularly.
We offer deep expertise in OAuth, OpenID Connect, JOSE, and other modern web security standards. We have broad experience in deploying these technologies in a variety of environments, from enterprise to personal. We bring backgrounds in usability, collaboration, design, and engineering to ensure solutions work in the real world with real people.
We offer a variety of custom consulting services, including security architecture design, technical whitepapers, standards document editing, and commercial support and customization of the MITREid Connect open source project.
Our expert technologists are available for speaking engagements, training, design reviews, and development and deployment consultation. Please contact us for rates and availability.