SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

  • Created by Unknown User (lflynn), last modified on Nov 12, 2014

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Current »

Under Construction

This guideline is under construction. 

 For OAuth, ensure the relying party receiving the user's ID in the last protocol step is the same as the relying party that the access token was granted to.

Noncompliant Code Example

This noncompliant code example shows an application that

TBD

 

Compliant Solution

In this compliant solution the application

TBD

Risk Assessment

 

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRD26-J

Medium

Probable

Medium

 

 

Automated Detection

 

Bibliography

[Chen 2014]OAuth Demystified for Mobile Application Developers
 [IETF OAuth1.0a]

Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.

 [IETF OAuth2.0] Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.

 

 

  • No labels