Overview [1]#

OAuth 2.0 Security-Closing Open Redirectors in OAuth is an Internet Draft for a Best Current Practice which gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification RFC 6749 and in the OAuth 2.0 Threat Model and Security Considerations RFC 6819.

In particular focuses attention on the risk of abuse the Authorization Server (AS) (Section 1.2) as an open redirector.

OAuth 2.0 Security-Closing Open Redirectors in OAuth contains the following content:

• Describes the Authorization Server Error Response as defined in RFC 6749.
• Describes the risk of abuse the Authorization Server as an open redirector.
• Gives some mitigation details on how to hinder the risk of open redirector in the Authorization Server.

More Information#

There might be more information for this subject on one of the following:

• Best Practices OpenID Connect
• Covert Redirect Vulnerability

---

• [#1] - OAuth 2.0 Security: OAuth Open Redirector - based on information obtained 2018-03-21-