Test info - OAuch

AuthEndpoint.RedirectUriConfusion

Is the authorization server vulnerable to path confusion

This test checks whether the authorization server is vulnerable to path confusion (cf. https://dl.acm.org/doi/abs/10.1145/3627106.3627140).

View source code on GitHub

Documents

This test is part of the following document(s):

The OAuth 2.0 Authorization Framework (RFC6749), section 3.1.2.2 (should)
OAuth 2.0 Threat Model and Security Considerations (RFC6819), section 5.2.3.3 (should)
Financial-grade API Security Profile (FAPI) 1.0 – Part 1: Baseline (FAPI1Base), section 5.2.2 (must)

Back to the test case overview or the threat overview