OAuth 2.0 Security-Closing Open Redirectors in OAuth

Overview [1]

OAuth 2.0 Security-Closing Open Redirectors in OAuth is an Internet Draft for a Best Current Practice which gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification RFC 6749 and in the OAuth 2.0 Threat Model and Security Considerations RFC 6819.

In particular, it focuses attention on the risk of abuse of the Authorization Server (AS) (Section 1.2) as an open redirector.

OAuth 2.0 Security-Closing Open Redirectors in OAuth contains the following content:
