Categoría: OAuth Authentication

Stealing OAuth access tokens via an open redirect

OAuth account hijacking via redirect_uri

Forced OAuth profile linking

SSRF via OpenID dynamic client registration

Authentication bypass via OAuth implicit flow