An offensive guide to the Authorization Code grant

less than 1 minute read

Syndication

For posterity and discoverability, I’m syndicating all of my public work for NCC Group to this personal blog.

I wrote an offensive guide to the Authorization Code grant, seeking to present a compendium of all the possible OAuth 2.0 Authroization Code grant vulnerabilities that can be identified by end-users.

The post can be found on the NCC Group blog.

An archived version can be found in the Wayback Machine.