AuthEndpoint.CodePollution

Can the authorization code be polluted

This test checks whether the authorization code can be polluted using a parameter pollution attack (cf. https://dl.acm.org/doi/abs/10.1145/3627106.3627140).

View source code on GitHub

Documents

This test is part of the following document(s):

• The OAuth 2.0 Authorization Framework (RFC6749), section 3.1.2.2 (should)
• OAuth 2.0 Threat Model and Security Considerations (RFC6819), section 5.2.3.3 (should)
• OAuth 2.0 Security Best Current Practice (draft 25) (SecBCP), section 2.1 (must)
• Financial-grade API Security Profile (FAPI) 1.0 – Part 1: Baseline (FAPI1Base), section 5.2.2 (must)

Back to the test case overview or the threat overview