Has anyone tried scoring how well public OAuth authorization servers follow the best practices described in https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics ?

I scored some software forges including GitHub, GitLab, BitBucket on a subset of best practices https://github.com/hickford/git-credential-oauth/issues/17 . This identified multiple issues. For example, of those three servers, only GitLab supports PKCE.

OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
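As an added example (not from the post above nor from git-credential-oauth), here is a small scorer that grades an authorization server's RFC 8414 metadata document against a subset of the draft's recommendations (PKCE with S256, no implicit or password grant, sender-constrained tokens via mTLS or DPoP, issuer identification of the authorization response). The two metadata documents are constructed samples, not responses from GitHub, GitLab or BitBucket, and the equal-weight check list is my own assumption.

```python
"""Score an OAuth authorization server's metadata (RFC 8414) against a subset
of draft-ietf-oauth-security-topics recommendations.

The metadata below is constructed for illustration, not fetched from any
real server; the set of checks and their equal weighting are assumptions."""
import json

# Each check is (name, predicate over the parsed metadata dict). Key names are
# the registered metadata parameters: RFC 8414 (PKCE methods, response and
# grant types), RFC 8705 (mTLS-bound tokens), RFC 9449 (DPoP), RFC 9207 (iss).
CHECKS = [
    ("pkce_s256",
     lambda m: "S256" in m.get("code_challenge_methods_supported", [])),
    # Any response_type containing the "token" component issues an access
    # token in the front channel, i.e. the implicit grant the draft deprecates.
    ("no_implicit_grant",
     lambda m: not any("token" in rt.split()
                       for rt in m.get("response_types_supported", []))),
    ("no_password_grant",
     lambda m: "password" not in m.get("grant_types_supported", [])),
    ("sender_constrained_tokens",
     lambda m: m.get("tls_client_certificate_bound_access_tokens", False)
     or bool(m.get("dpop_signing_alg_values_supported"))),
    ("iss_in_authz_response",
     lambda m: m.get("authorization_response_iss_parameter_supported", False)),
]

# Constructed sample metadata: one server following the draft, one not.
SAMPLE_GOOD = json.dumps({
    "issuer": "https://as.example.test",
    "code_challenge_methods_supported": ["S256"],
    "response_types_supported": ["code"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "dpop_signing_alg_values_supported": ["ES256"],
    "authorization_response_iss_parameter_supported": True,
})
SAMPLE_WEAK = json.dumps({
    "issuer": "https://legacy.example.test",
    "code_challenge_methods_supported": ["plain"],
    "response_types_supported": ["code", "token", "code token"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
})


def score(metadata_json: str) -> dict:
    """Return {check_name: bool, ..., 'score': passed/total} for one server."""
    m = json.loads(metadata_json)
    results = {name: bool(pred(m)) for name, pred in CHECKS}
    passed = sum(1 for ok in results.values() if ok)
    results["score"] = passed / len(CHECKS)
    return results


if __name__ == "__main__":
    for label, doc in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(label, score(doc))
```

Metadata only reflects what a server advertises, and not every forge publishes a discovery document, so a missing key should be read as "not advertised" and confirmed by a live test (for example, whether the token endpoint rejects a mismatched code_verifier) before being recorded as a failure.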