Chapter 8. Common protected resources vulnerabilities

This chapter covers

  • Avoiding common implementation vulnerabilities in protected resources
  • Countering known attacks against protected resources
  • Benefiting from modern browser protections when designing a protected resource’s endpoint

In the previous chapter, we reviewed common attacks against OAuth clients. Now it’s time to see how to protect a resource server and defend against common attacks targeting OAuth protected resources. In this chapter, we’re going to learn how to design resource endpoints to minimize the risk of token spoofing and token replay. We’ll also see how we can leverage modern browsers’ protection mechanisms to make the designer’s life easier.

8.1. How are protected resources ...
