Re: [OAUTH-WG] OAuth Digest, Vol 187, Issue 2

2024-05-02 Thread Konstantin Korsakov
I am on vacation until May 13. For urgent matters, call or message me on Telegram.

Re: [OAUTH-WG] Parameter pollution with redirect_uri injection in Authorization step

2024-05-02 Thread Daniel Fett
Hi Mike, we require exact redirect URI matching, which should solve the problem; in PAR you can use a dynamic redirect_uri, but the PAR request must be authenticated by the client then, making this attack unlikely. -Daniel On 02.05.24 at 17:08, Michael Jones wrote: Hi Daniel and crew, Do

[OAUTH-WG] Parameter pollution with redirect_uri injection in Authorization step

2024-05-02 Thread Michael Jones
Hi Daniel and crew, Do you believe this issue is addressed in the OAuth Security BCP? If so, can you please add a reference to the pertinent text to this issue, so we can close it on that basis? Thanks,