  1. PUBLIC - OAuth2
  2. OAUTH2-166 OAuth2 Documentation for 7.1.0 Release
  3. OAUTH2-203

DOC: Document Authorization Code leak using XSS into Security Considerations

    Details

    • Type: Sub-Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      OAUTH2-98 states it's possible to leak the Authorization Code using XSS.

      We need to stress that the "Authorization Code" flow should be used only by web servers, and that the client secret should never be reused by multiple applications, revealed, or used as a publicly known secret.

              People

              Assignee:
              id30721 id30721
              Reporter:
              tomas.polesovsky Tomáš Polešovský