Common attacks

Now that we have looked at some best practices for keeping your application secure, let's take a look at some common attacks against OAuth 2.0 clients that you should be aware of, together with the mitigation techniques you can use to protect your application against them.

Cross-site request forgery (CSRF)

Cross-site request forgery is an attack in which the attacker tricks a user into following a malicious link (or loading a page the attacker controls) that causes the user's browser to perform an unwanted action on a trusted site, without the user's knowledge. It works because the browser automatically attaches the user's existing session credentials, such as cookies, to the forged request, so the trusted site cannot tell it apart from a request the user intended to make.

For instance, imagine a user has just logged into their bank in their favorite web browser. Now, in another ...
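
Against an OAuth 2.0 client, the CSRF variant to worry about is an attacker luring the victim's browser to the client's redirect endpoint with an authorization code the attacker obtained for their own account, so that the victim's session ends up bound to the attacker's resources. The standard mitigation, described in RFC 6749 section 10.12, is to bind each authorization request to the user's session with an unguessable `state` value and to accept a callback only when it carries the state recorded for that session. The Python below is an example added here, not code from the book; the endpoint URLs, client identifier and `Session` class are placeholders, and the attack is simulated in-process rather than against a real authorization server.

```python
# Added example (not from the book): an OAuth 2.0 client that binds each
# authorization request to the user's session with a random `state` value,
# so a forged callback carrying an attacker's authorization code is rejected.
# Endpoint URLs, client id and the Session class are hypothetical stand-ins.
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHZ_ENDPOINT = "https://auth.example.com/authorize"   # assumed
CLIENT_ID = "demo-client"                                 # assumed
REDIRECT_URI = "https://client.example.com/callback"      # assumed


class Session(dict):
    """Stand-in for a server-side session store keyed by a session cookie."""


class CsrfError(Exception):
    """Raised when a callback cannot be tied to a request this session made."""


def build_authorization_url(session: Session) -> str:
    """Start the authorization code flow and remember the state in the session."""
    state = secrets.token_urlsafe(32)        # 256 random bits, unguessable
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "profile",
        "state": state,
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: Session, callback_url: str) -> str:
    """Verify the callback belongs to this session and return the code.

    The pending state is removed before it is checked, so it is single-use:
    a replayed callback fails even if the first one succeeded.
    """
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)
    received = query.get("state", [None])[0]
    if expected is None or received is None:
        raise CsrfError("no pending authorization request for this session")
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise CsrfError("state mismatch: callback was not initiated by this session")
    if "code" not in query:
        raise CsrfError("callback carries no authorization code")
    return query["code"][0]


def simulate_attack(forged_query: str) -> bool:
    """Attacker lures a victim (with a pending request) to a forged callback.

    Returns True when the client rejects the forged callback.
    """
    victim = Session()
    build_authorization_url(victim)
    try:
        handle_callback(victim, f"{REDIRECT_URI}?{forged_query}")
    except CsrfError:
        return True
    return False


def simulate_legitimate_flow() -> str:
    """The authorization server echoes the state back; the code is accepted."""
    user = Session()
    url = build_authorization_url(user)
    state = parse_qs(urlsplit(url).query)["state"][0]
    return handle_callback(user, f"{REDIRECT_URI}?code=legit-code&state={state}")


def simulate_replay() -> bool:
    """A callback that already succeeded is replayed; it must be rejected."""
    user = Session()
    url = build_authorization_url(user)
    state = parse_qs(urlsplit(url).query)["state"][0]
    callback = f"{REDIRECT_URI}?code=legit-code&state={state}"
    handle_callback(user, callback)
    try:
        handle_callback(user, callback)
    except CsrfError:
        return True
    return False


if __name__ == "__main__":
    print("forged state rejected:", simulate_attack("code=attacker-code&state=guess"))
    print("missing state rejected:", simulate_attack("code=attacker-code"))
    print("legitimate code:", simulate_legitimate_flow())
    print("replay rejected:", simulate_replay())
```

The state must be stored server-side (or in an HttpOnly, signed cookie) and tied to the same session that later receives the callback; a state that is merely echoed back by the browser without being checked against that session provides no protection.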
