Challenges
This section contains proof of concepts for various OAuth misconfigurations. The high quality Portswigger Web Academy OAuth Challenges were leveraged for this purpose.
Forced OAuth Profile LinkingStealing OAuth access tokens via an Open RedirectOAuth Account Hijacking via redirect_uriSSRF via OpenID Dynamic Client Registration
Last updated