#23: Auth Code Swap Attack (CSRF)
See discussion thread beginning here:
http://www.ietf.org/mail-archive/web/oauth/current/msg07233.html
Text proposed by Tony, Yaron, Thorsten, and Phil; proposed text makes
"state" option required.
Eran objects and proposes alternative text that does not make "state"
required.
--
-------------------------------------+--------------------------------------
Reporter: barryleiba@… | Owner:
Type: defect | Status: new
Priority: major | Milestone: Deliver OAuth 2.0 spec
Component: v2 | Version:
Severity: In WG Last Call | Keywords:
-------------------------------------+--------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/oauth/trac/ticket/23>
oauth <http://tools.ietf.org/oauth/>
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth