Chapter 9. Common authorization server vulnerabilities

This chapter covers

  • Avoiding common implementation vulnerabilities in the authorization server
  • Protecting against known attacks directed at the authorization server

In the last few chapters, we’ve looked at how OAuth clients and protected resources can be vulnerable to attackers. In this chapter, we’re going to focus on the authorization server with the same eye towards security. We’ll see that securing it is considerably harder because of the nature of the authorization server itself: it is probably the most complex component in the OAuth ecosystem, as we saw while building one in chapter 5. We’ll outline in detail many of the threats you can encounter ...
