Hi,

We've written a technical report that has a security analysis of double-redirection protocols such as OpenID and OAuth. Section 3.5 discusses OAuth 2.0. Most of section 4 may also be of interest to this list. You can find the report at http://www.pomcor.com/techreports/DoubleRedirection.pdf. I hope it's useful!

Thanks in advance for any comments.

Francisco
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
