OAuth 2.0 Auth Code Injection Attack in Action

Показать описание

Here are some useful/foundational links for learning about OAuth 2.0:

Okta is a developer API service that stores user accounts for your web apps, mobile apps, and APIs.

Рекомендации по теме

Комментарии

By watching this vid, I became a more informed person: my time was well spent - thx!

KDOERAK

Very clearly illustrated, thanks for explaining and demoing this!

sebastiangonzalez

Are there other attack scenarios that don't require a malicious browser extensions (or compromised user agent or MITM)? I don't know much about browser extensions, but don't they already have access to cookies, browser storage, and/or the page's DOM? Therefore session hijacking can already be done in different ways at that point?

nawwark

PKCE or not, shouldn't the authorization server return the authorization code directly to the back channel (server) as opposed to the front channel? In which case there is nothing an attacker can intercept directly....also the statement "there is no way to know the code verifier" is debatable. If a browser extension can intercept your Http calls it can also access the state in the browser if it knows where to look and grab it.

sp-vtje

But isn't the back channel supposed to send the code along with some secret to the authorization server of Google ? I thought the need to have a front and a back channel was specifically aimed to prevent this kind of attacks where someone could replay your auth code but as it does not have the client secret the auth server would not grant the access_token.

baptiste

I have question. If the auth code is for single use. How can both attacker and the target user can use this single use code with the application?

keremserttas

OAuth 2.0 Auth Code Injection Attack in Action

Visualizing the OAuth Flow and Why PKCE is Needed

OAuth PKCE | OAuth Proof Key for Code Exchange explained

OAuth 2 0 and OpenID Connect for Single Page Applications Philippe De Ryck

Auth0 in 100 Seconds // And beyond with a Next.js Authentication Tutorial

OAUTH MISCONFIGURATION | PROCESS | BUG BOUNTY POC

Samit Anwer - Oh! Auth Implementation pitfalls of OAuth 2 0 & the Auth Providers who have fell

Introduction to OAuth 2.0 and OpenID Connect By Philippe De Ryck

OAuth2 Login Made Easy in Java: A Spring Boot & Spring Security Walkthrough

HACKING OAuth 2.0 FOR BEGINNERS!

OAuth 2.0 Hacking for Beginners with Farah Hawa

More Secure JavaScript Single-Page Applications with MSAL 2.0 and OAuth 2.0 Auth Code Flow with PKCE

alert‘OAuth 2 0’; // The impact of XSS on OAuth 2 0 in SPAs

OAuth implicit flow

OAuth 2.0 Authorization code flow for explained with example | Single Sign On

Authentication Explained: What is OAuth2? | Tokyo Bootcamp Tech Talk

Authentication done right: Consuming (and serving) Oauth 2.0

Top 12 Tips For API Security

OAuth 2 0 Threat Landscape

[Spring Security] Mastering JWT with OAuth2 and JPA for Secure User Authentication & Authorizati...

Rest Assured API Testing Session # 11 - Authorization | OAuth 2.0

OAuth Introduction And OAuth 2.0 authentication vulnerabilities | What is OAuth? #1

Stealing Users OAuth authorization code via redirect_uri | POC | P1 | $2000

Python FastAPI Secure your service with OAuth2 easily

The insecurity of OAuth 2.0 in frontends - Philippe de Ryck - NDC Security 2023