[Openid-specs-ab] Covert Redirect in implicit flow

nov matake nov at matake.jp
Wed May 7 08:59:28 UTC 2014


Recent browsers (excluding my Safari) attach the URI fragment to the redirect destination when they receive a 30x response.
http://stackoverflow.com/questions/2286402/url-fragment-and-302-redirects

So doesn't the access token in the implicit flow get revealed to an attacker who can set up the destination JS code?
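To make the concern concrete, here is an added example (not part of the post) that models the flow in Python: a browser that carries the fragment across a 302, as the Stack Overflow thread linked above describes, a client callback that behaves as an open redirector, and an authorization server that validates redirect_uri either by prefix or by exact match. The hostnames, the `next` parameter and the token value are constructed.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs

# Hypothetical client registration (constructed sample data, not from the post).
REGISTERED_REDIRECT_URIS = {"https://client.example/cb"}

def redirect_uri_allowed_prefix(requested: str) -> bool:
    """Weak policy: any URI that starts with a registered URI is accepted."""
    return any(requested.startswith(r) for r in REGISTERED_REDIRECT_URIS)

def redirect_uri_allowed_exact(requested: str) -> bool:
    """Exact string comparison, the policy that closes this hole."""
    return requested in REGISTERED_REDIRECT_URIS

def follow_30x(current_url: str, location: str) -> str:
    """Browser behaviour described in the post: when the 30x Location carries
    no fragment, the fragment of the URL being left is attached to the target."""
    cur, loc = urlsplit(current_url), urlsplit(location)
    if loc.fragment or not cur.fragment:
        return location
    return urlunsplit((loc.scheme, loc.netloc, loc.path, loc.query, cur.fragment))

def client_callback_response(url: str):
    """The client's /cb endpoint modelled as an open redirector: if a 'next'
    query parameter is present it answers 302 to it, otherwise 200."""
    nxt = parse_qs(urlsplit(url).query).get("next")
    return (302, nxt[0]) if nxt else (200, None)

def implicit_flow(redirect_uri: str, policy) -> str:
    """Authorization server side: validate redirect_uri with `policy`, then
    deliver the token in the fragment (implicit grant). Returns the host that
    ends up holding the fragment, or 'rejected' if the server refused the URI."""
    if not policy(redirect_uri):
        return "rejected"
    token = "constructed-token"  # placeholder, not a real credential
    url = redirect_uri + "#access_token=" + token + "&token_type=bearer"
    status, location = client_callback_response(url)
    if status == 302:
        url = follow_30x(url, location)
    return urlsplit(url).netloc if "access_token=" in urlsplit(url).fragment else "lost"
```

With prefix matching, a redirect_uri of `https://client.example/cb?next=https://attacker.example/` is accepted and the token lands on attacker.example; exact matching rejects the same request before any token is issued.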