In the implicit flow, the AS receives an authorization grant from a client it cannot trust. In order not to give away access tokens to anybody, the library should allow you to specify a (white-)list of URLs for every connecting client. In the penetration test, you should check whether you can use a URL in the redirect_url that doesn't match one of the URLs in the whitelist (that would be a fail).
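The check described above can be written as a regression test for the AS. This is an added example, not code from the issue or from the library under test; the client id, the registered URI, the candidate list and all function names are constructed for illustration. It compares an exact-match whitelist check with a prefix match kept only to show which candidates a looser check would let through.

```python
# Constructed registry: client_id -> set of exact redirect URIs registered for it.
REGISTERED = {
    "spa-client": {"https://client.example.com/cb"},
}

# Constructed candidates that a whitelist check should be tested against.
CANDIDATES = [
    "https://client.example.com/cb",                          # registered value
    "https://client.example.com/cb/../other",                 # extra path segments
    "https://client.example.com/cb?next=https://other.example/",  # appended query
    "https://client.example.com/cb#frag",                     # appended fragment
    "https://client.example.com.other.example/cb",            # different host
    "http://client.example.com/cb",                           # different scheme
]


def naive_prefix_allowed(client_id, redirect_uri):
    """Weak check, for comparison only: accepts any value that merely
    starts with a registered URI."""
    return any(redirect_uri.startswith(u) for u in REGISTERED.get(client_id, ()))


def strict_allowed(client_id, redirect_uri):
    """Whitelist check: the supplied value must be byte-for-byte equal to
    one of the URIs registered for this client. Unknown clients and
    non-string or empty values are rejected."""
    if not isinstance(redirect_uri, str) or not redirect_uri:
        return False
    return redirect_uri in REGISTERED.get(client_id, set())


def mismatches(client_id, candidates):
    """Return the candidates a prefix check accepts but exact matching
    rejects, i.e. the cases that would count as a fail in the test."""
    return [c for c in candidates
            if naive_prefix_allowed(client_id, c) and not strict_allowed(client_id, c)]


if __name__ == "__main__":
    for uri in CANDIDATES:
        print(f"{strict_allowed('spa-client', uri)!s:5}  {uri}")
    print("accepted only by prefix matching:", mismatches("spa-client", CANDIDATES))
```

Against a real AS, the same candidate list would be sent as the redirect parameter of authorization requests, and any response other than a rejection for the non-registered values is the failing result the issue describes.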