Chapter 9. Common authorization server vulnerabilities

This chapter covers

  • Avoiding common implementation vulnerabilities in the authorization server
  • Protecting against known attacks directed at the authorization server

In the last few chapters, we’ve looked at how OAuth clients and protected resources can be vulnerable to attackers. In this chapter, we’re going to focus on the authorization server with the same eye towards security. We’ll see that securing it is definitely more complicated because of the nature of the authorization server. Indeed, the authorization server is probably the most complex component in the OAuth ecosystem, as we saw while building one in chapter 5. We’ll outline in detail many of the threats you can encounter ...
