An offensive guide to the Authorization Code grant

Jul 11, 20

For posterity and discoverability, I’m syndicating all of my public work for NCC Group to this personal blog.

I wrote an offensive guide to the Authorization Code grant, seeking to present a compendium of all the possible OAuth 2.0 Authorization Code grant vulnerabilities that can be identified by end-users.

The post can be found on the NCC Group blog.

An archived version can be found in the Wayback Machine.