Overview
OAuth 2.0 Security-Closing Open Redirectors in OAuth is an Internet Draft for a Best Current Practice which gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification RFC 6749 and in the OAuth 2.0 Threat Model and Security Considerations RFC 6819.
In particular, it focuses attention on the risk of abuse of the Authorization Server (AS) (Section 1.2) as an open redirector.
OAuth 2.0 Security-Closing Open Redirectors in OAuth contains the following content: