Details

    • Type: Sub-Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      Undesirable postconditions:

      • Attacker’s malicious OAuth2 application is granted access to the victim’s protected resources at the OAuth2 service API

       

      Spec reference:

       

      Mitigation @ OAuth2 provider:

      • Use the “X-Frame-Options” header on the Authorization Service response to prevent it from being loaded in an invisible iframe
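
One way to verify the mitigation above on a captured Authorization Service response, as an added example that is not part of the original issue. The function name, verdict labels and sample headers are assumptions made for illustration; the sample responses are constructed.

```python
# Added example: audit the X-Frame-Options header on an authorization page response.
# Only DENY and SAMEORIGIN are treated as effective values.
RECOGNISED = {"DENY", "SAMEORIGIN"}

def audit_x_frame_options(headers):
    """headers: list of (name, value) pairs as received, duplicates preserved.
    Returns (verdict, detail) with verdict in {"ok", "weak", "missing"}."""
    raw = [value for name, value in headers
           if name.strip().lower() == "x-frame-options"]
    if not raw:
        return "missing", "no X-Frame-Options header; the page can be framed"
    # Repeated headers are often folded into one comma-separated value in transit.
    tokens = [t.strip().upper() for value in raw for t in value.split(",")]
    tokens = [t for t in tokens if t]
    if not tokens:
        return "weak", "header present but empty"
    for tok in tokens:
        if tok.startswith("ALLOW-FROM"):
            return "weak", "ALLOW-FROM is obsolete and ignored by current browsers"
        if tok not in RECOGNISED:
            return "weak", "unrecognised value: " + tok
    if len(set(tokens)) > 1:
        return "weak", "conflicting values: " + ", ".join(sorted(set(tokens)))
    return "ok", tokens[0]

# Constructed sample responses from a hypothetical /authorize endpoint.
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "deny": [("Content-Type", "text/html"), ("X-Frame-Options", "DENY")],
    "lowercase": [("x-frame-options", "sameorigin")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://client.example")],
    "conflict": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "folded": [("X-Frame-Options", "DENY, DENY")],
    "typo": [("X-Frame-Options", "ALLOWALL")],
}

def run_samples():
    """Return {sample name: verdict} for every constructed sample."""
    return {name: audit_x_frame_options(h)[0] for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, "->", audit_x_frame_options(hdrs))
```

Any verdict other than "ok" means the authorization page may still render inside a frame on another origin.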
