[Openid-specs-ab] Covert Redirect in implicit flow

nov matake nov at matake.jp
Wed May 7 08:59:28 UTC 2014

Recent browsers (excluding my Safari) attach the URI fragment to the redirect destination when they receive a 30x response.

So isn't the access token in the implicit flow revealed to an attacker who can set up the destination's JS code?
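The behaviour described above, as an added example that is not part of the original post or of any OpenID project code. It models what a fragment-preserving browser does on a 30x redirect (per RFC 7231 section 7.1.2 and the Fetch spec, a Location value without a fragment inherits the fragment of the URL just requested), then plays the covert-redirect scenario through a client's open redirector and two server-side mitigations. The hostnames, the `next` parameter, the paths and the token value are hypothetical and constructed for this example.

```javascript
// Added example, not code from the original post. Models fragment inheritance
// across a 30x redirect and the resulting implicit-flow token leak, plus two
// mitigations. Hostnames, paths, the "next" parameter and the token value are
// hypothetical, constructed for this example.

// RFC 7231 §7.1.2 / Fetch spec: when the Location value has no fragment, the
// user agent inherits the fragment of the URL it just requested.
function followRedirect(requestedUrl, locationHeader) {
  const from = new URL(requestedUrl);
  const to = new URL(locationHeader, from.href); // Location may be relative
  // A serialized URL contains '#' only when a fragment (even an empty one) is present.
  if (!to.href.includes('#')) {
    to.hash = from.hash; // inherited fragment: this is the leak
  }
  return to.href;
}

// Vulnerable client endpoint: forwards to whatever ?next= says, unchecked.
function vulnerableRedirectEndpoint(requestUrl) {
  const u = new URL(requestUrl);
  return { status: 302, location: u.searchParams.get('next') || '/' };
}

// Partial mitigation: still an open redirector, but an explicit empty fragment
// on Location stops the user agent from inheriting the token fragment.
function fragmentStrippingEndpoint(requestUrl) {
  const u = new URL(requestUrl);
  const next = new URL(u.searchParams.get('next') || '/', u.href);
  const location = next.href.includes('#') ? next.href : next.href + '#';
  return { status: 302, location };
}

// Hardened endpoint: only same-origin destinations, plus the explicit fragment.
function hardenedRedirectEndpoint(requestUrl) {
  const u = new URL(requestUrl);
  let next = new URL(u.searchParams.get('next') || '/', u.href);
  if (next.origin !== u.origin) {
    next = new URL('/', u.href); // refuse to forward off-site
  }
  const location = next.href.includes('#') ? next.href : next.href + '#';
  return { status: 302, location };
}

// Plays the scenario from the post: the authorization server accepts a
// redirect_uri on the legitimate client that forwards to the attacker.
function simulateCovertRedirect(endpoint) {
  const redirectUri = 'https://client.example/cb?next=https://attacker.example/landing';
  // Implicit flow: the authorization server puts the response in the fragment.
  const authzResponse = redirectUri + '#access_token=tok123&token_type=bearer&state=s1';
  const { location } = endpoint(authzResponse);
  const landed = new URL(followRedirect(authzResponse, location));
  // What script at the final destination sees in location.origin / location.hash.
  return { origin: landed.origin, hash: landed.hash };
}

console.log('vulnerable:', simulateCovertRedirect(vulnerableRedirectEndpoint));
console.log('fragment stripped:', simulateCovertRedirect(fragmentStrippingEndpoint));
console.log('hardened:', simulateCovertRedirect(hardenedRedirectEndpoint));
```

Run with `node`. With the unchecked endpoint the attacker's page lands with `#access_token=...` in `location.hash`; with the trailing `#` on Location the attacker still gets the visit but an empty fragment; with the same-origin check the browser never leaves the client. Whether a given browser inherits the fragment is user-agent behaviour the server cannot rely on, so the client-side fixes are defence in depth; the primary control is exact `redirect_uri` matching at the authorization server.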
