Am 22.04.2016 um 16:35 schrieb Daniel Fett: > The attack is not based on a manipulation of the redirect_uri. Instead, > a correct redirect_uri is used, but the page loaded from the > redirect_uri contains links or external resources (intentionally or not).
(This of course describes our attack, not the one by Homakov.) -- Informationssicherheit und Kryptografie Universität Trier - Tel. 0651 201 2847 - H436 _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
