Hello everyone,

As part of a research project, I've created a test suite to test OAuth 2.0 implementations and measure how well they implement the various MAY/SHOULD/MUST security recommendations in the OAuth standards. (It also includes test cases for the OIDC and FAPI RO/RW recommendations.) The tool is practically finished and will be made available to the public in a few months.

I'm currently working on a security analysis of the OAuth2 ecosystem (i.e. I'm using the tool to test various OAuth/OIDC implementations) and I'm still looking for more candidates to test. If you are the author of an OAuth library or if you are running an OAuth service, feel free to contact me to get involved. Apart from my gratitude, I can offer you a free security audit of your product :-)

Regards,
Pieter

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth