0Pricing
Cryptology Academy · Lesson

OAuth Vulnerabilities and Attack Patterns

Study redirect URI manipulation, CSRF on the authorization endpoint, and token leakage vulnerabilities.

Open Redirect in redirect_uri

OAuth authorization servers must strictly validate the redirect_uri parameter. If the server allows prefix matching or wildcard matching (e.g., accepting any URL starting with "https://app.example.com"), an attacker crafts an authorization request redirecting to "https://app.example.com.attacker.com/steal" or an open redirect on the legitimate domain, stealing the authorization code.

CSRF on the Authorization Endpoint

Without CSRF protection, an attacker can initiate an OAuth flow and trick a victim's browser into completing the authorization. The victim inadvertently authorizes the attacker's client. The "state" parameter (RFC 6749) prevents this: the client generates a random state, includes it in the request, and verifies it matches in the callback. A mismatch aborts the flow.

All lessons in this course

  1. OAuth 2.0 Flows and Token Types
  2. PKCE: Securing Public Clients
  3. OpenID Connect Claims and ID Tokens
  4. OAuth Vulnerabilities and Attack Patterns
← Back to Cryptology Academy