BCP_4_7

Cross Site Request Forgery

An attacker might attempt to inject a request to the redirect URI of the legitimate client on the victim's device, e.g., to cause the client to access resources under the attacker's control. This is a variant of an attack known as Cross-Site Request Forgery (CSRF).

OAuth 2.0 Security Best Current Practice (draft 25) (SecBCP, section 4.7)

Mitigations

This threat is considered fully mitigated if all the test cases from one of the following test sets succeed.

The impact factor is a measure that indicates how important a given countermeasure is towards mitigating a threat.

Back to the threat overview