An open redirector is an endpoint using a parameter to automatically redirect a user agent to the location specified by the parameter value without any validation. If the authorization server allows the client to register only part of the redirect URI, an attacker can use an open redirector operated by the client to construct a redirect URI that will pass the authorization server validation but will send the authorization 'code' or access token to an endpoint under the control of the attacker.
OAuth 2.0 Threat Model and Security Considerations (RFC6819, section 4.1.5)
This threat is considered fully mitigated if all the test cases from the following test set succeed.
Back to the threat overview