You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Do not use OAuth 2.0 implicit grant (unmodified) for authentication. It can be used to securely authorize, but not to authenticate.

Under Construction

This guideline is under construction. 

 

Noncompliant Code Example

This noncompliant code example shows an application that

TBD

 

Compliant Solution

In this compliant solution the application

TBD

Risk Assessment

 

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRD28-J

 

 

 

 

 

Automated Detection

 

Bibliography

[Chen OAuth 2014]OAuth Demystified for Mobile Application Developers
 

Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.

  Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.

 

 

  • No labels