Why not authorization code phishing?
regards,
Torsten.
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Wednesday, 17 August 2011 08:39
To: OAuth WG
Subject: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland)
10.6. Authorization Code Leakage: Comment I fancy myself as being
reasonably intelligent and I'm unclear what attack is actually being described
here.

Yeah... I had to go back to -16 to be reminded of the section original title
'session fixation attack' to figure out what this was about.

Noticed this follow up question after I sent this:

10.6. Authorization Code Leakage: Comment on The authorization server
SHOULD require the client to register their redirection URI: Why is this a
should?

Because comparing the redirect_uri value used between the two calls
(authorization and