Hidden OAuth attack vectors

The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, and more.

from Pocket https://portswigger.net/research/hidden-oauth-attack-vectors
via IFTTT