Overview#
Mix-up attacks is an
Attack on
OAuth 2.0 (or
OpenID Connect) wherein the
attacker manages to convince the
client to send
credentials (
Authorization Code or
Access_token) obtained from an "honest"
Authorization Server to a server under the
attacker’s control.
Pushed Authorization Requests help to eliminate Mix-up attacks.
There might be more information for this subject on one of the following: