Common attacks

Now that we've looked at some security best practices to keep your application secure, let's take a look at some common attacks against OAuth 2.0 clients that you should be aware of. We will also examine the mitigation techniques you can use to protect your application from such attacks.

Cross-site request forgery (CSRF)

Cross-site request forgery is a powerful attack that has been gaining popularity with attackers in recent years. It involves tricking users into following a malicious link that performs an undesirable action on a trusted site without their knowledge, making use of their pre-existing sessions with that site.

For instance, imagine a user has just logged into their bank in their favorite web browser. Now, in another ...
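The defence an OAuth 2.0 client uses against the attack described above is to bind each authorization request to the user's own browser session with an unguessable `state` value and to reject any callback that does not carry it back. The following is an added example, not code from the book; the endpoint URLs, the `client_id` and the in-memory `session` dictionary are assumptions standing in for a real web framework's session store.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical endpoints; a real client would take these from its configuration.
AUTHZ_ENDPOINT = "https://authorization-server.example/authorize"
REDIRECT_URI = "https://client.example/callback"


def build_authorization_url(session: dict, client_id: str) -> str:
    """Start the authorization code flow.

    A fresh, cryptographically random state value is generated for this
    request and stored in the user's session so the callback can be tied
    back to the browser that initiated the flow.
    """
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": "profile",
        "state": state,
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


def handle_callback(session: dict, callback_url: str):
    """Process the redirect back from the authorization server.

    Returns the authorization code only if the callback carries the exact
    state value bound to this session. The stored state is consumed on the
    first attempt, so a replayed or forged callback (one a user was tricked
    into following, which cannot know the per-session value) is rejected.
    """
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use
    received = query.get("state", [None])[0]
    if expected is None or received is None:
        return None
    # Constant-time comparison avoids leaking the expected value via timing.
    if not hmac.compare_digest(expected, received):
        return None
    return query.get("code", [None])[0]


if __name__ == "__main__":
    session = {}
    url = build_authorization_url(session, "client-123")
    print("redirect user to:", url)
    # Constructed callback, as the authorization server would issue it.
    legit = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={session['oauth_state']}"
    print("legitimate callback accepted, code =", handle_callback(session, legit))
    # Constructed callback lacking the session-bound state: rejected.
    print("unbound callback accepted?", handle_callback(session, f"{REDIRECT_URI}?code=x") is not None)
```

The important detail is that the state value is generated per request, stored server-side (or in a signed cookie) rather than trusted from the URL, compared in constant time and discarded after one use; the same pattern applies unchanged if the client also uses PKCE.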
