n't need
>>> the extra step of the code just go ahead and implement it anyway, and
>>> ensure that the majority of native apps use cases would have been
>>> implemented with better security.
>>>
>>> adam
>>>
>>> -Original Message-
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
>> Richer, Justin P.
>> Sent: Wednesday, May 15, 2013 3:22 PM
>> To: Antonio Sanso
>> Cc: "WG "@il06exr01.mot.com
>> Subject: Re: [OAUTH-WG] Recap of two well known OAuth
> Cc: "WG "@il06exr01.mot.com
> Subject: Re: [OAUTH-WG] Recap of two well known OAuth related attacks
>
> The biggest problem with this attack is the passing of the access token to a
> backend server (and its subsequent passing of that token to someone else) and
The biggest problem with this attack is the passing of the access token to a
backend server (and its subsequent passing of that token to someone else) and
the assumption that the presentation of the access token means that the user is
authenticated and present. It simply doesn't mean that, and t
Hi *,
I wrote a blog post showing two well known OAuth related attacks. I paste here
the link for your consideration:
http://intothesymmetry.blogspot.ch/2013/05/oauth-2-attacks-introducing-devil-wears.html
Any comment is more than appreciated.
Regards
Antonio