I highly recommend the book OAuth 2.0 Simplified by @aaronpk. Just got a copy yesterday and I was amazed by how Aaron made the book so comprehensive.
Hi @aaronpk. I just got some questions to ask. I am currently in the last part of chapter 14; please can you reply to me here, or do you have an email meant for questions?
I can try to reply here!
In situations where the introspection endpoint is left open and unthrottled, how can a researcher exploit such a vulnerability? I could not find such stuff with a Google search.
Replying to @huzayyfah
The main threat is token scanning attacks, but there isn't much difference between scanning the introspection endpoint or a resource server at that point. That said, the introspection endpoint is supposed to require authentication according to tools.ietf.org/html/rfc7662#…

Dec 23, 2020 · 7:33 PM UTC

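As an added illustration of the point in Aaron's reply (example code, not from the book or from Aaron), here is a minimal introspection handler that follows RFC 7662: the caller must authenticate, an unknown or expired token yields only `active: false` with no other fields, and a caller that keeps looking up unknown tokens is throttled, which is what blunts token scanning. The client table, token table, limits and the `introspect` function name are constructed for the demo.

```python
import hmac
import time
from collections import defaultdict

# Constructed demo data: resource servers allowed to call the endpoint,
# and tokens the authorization server has issued (exp is a fixed epoch value).
CLIENTS = {"rs-photos": "s3cret-rs-photos"}          # client_id -> client_secret
TOKENS = {"tok_abc123": {"active": True, "scope": "photos:read",
                         "client_id": "app-1", "exp": 5000}}

MAX_FAILED_LOOKUPS = 20    # assumed policy: unknown-token lookups per caller per window
WINDOW_SECONDS = 60
_failures = defaultdict(list)   # client_id -> timestamps of unknown-token lookups


def introspect(token, client_id, client_secret, now=None):
    """Handle one introspection request; returns (http_status, response_body).

    RFC 7662 section 2.1: the endpoint must require authorization of the caller.
    RFC 7662 section 2.2: an inactive token gets {"active": false} and nothing else.
    RFC 7662 section 4: rate-limit callers to defeat token scanning.
    """
    now = time.time() if now is None else now
    secret = CLIENTS.get(client_id)
    # Constant-time comparison so a wrong secret cannot be guessed byte by byte.
    if secret is None or not hmac.compare_digest(secret, client_secret):
        return 401, {"error": "invalid_client"}
    # Throttle: keep only failures inside the window, then check the budget.
    recent = [t for t in _failures[client_id] if now - t < WINDOW_SECONDS]
    _failures[client_id] = recent
    if len(recent) >= MAX_FAILED_LOOKUPS:
        return 429, {"error": "too_many_requests"}
    record = TOKENS.get(token)
    if record is None or not record["active"] or record["exp"] <= now:
        _failures[client_id].append(now)   # count the miss, reveal nothing else
        return 200, {"active": False}
    return 200, {"active": True, "scope": record["scope"],
                 "client_id": record["client_id"], "exp": record["exp"]}


if __name__ == "__main__":
    print(introspect("tok_abc123", "rs-photos", "s3cret-rs-photos", now=1000))
    print(introspect("tok_guess", "rs-photos", "s3cret-rs-photos", now=1000))
    print(introspect("tok_abc123", "rs-photos", "wrong", now=1000))
```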
Replying to @aaronpk
Sometimes you need to craft a payload in an iframe so that when a victim clicks you get his leaked code. Do I need a server where I get notified that the victim has clicked my malicious payload? And any idea about how to build such a server? I couldn't get that with a Google search.
Replying to @aaronpk
Hi Aaron. I came across a client using redirect uri like this: redirect_uri=storageRelay//https:// And I was unable to see their auth code. Are they hiding their code?