Standards Document info

AttsDefs

OAuth2 Attacks & Defenses

This document contains a small set of test cases for attacks on OAuth implementations that are not covered by the other documents. This document is NOT an officially published standard.

Countermeasures

This document introduces a number of security countermeasures for OAuth. The OAuch tests related to these countermeasures are:

Jwt.AcceptsNoneSignatureTest
TokenEndpoint.MultipleCodeExchangesTest
Concurrency.SingleFastACExchangeTest
Concurrency.MultiFastACExchangeTest
TokenEndpoint.RefreshTokenRevokedAfterUseTest
Concurrency.SingleFastRefreshTest
Concurrency.MultiFastRefreshTest
Concurrency.ConcurrentTokensRevokedTest
Revocation.CanAccessTokensBeRevokedTest
Revocation.CanRefreshTokensBeRevokedTest

Back to the documents overview