I am struggling a bit to understand this attack and the advice on how to prevent it. As I understand it, if I, as an attacker, can change the redirection uri when authorizing, can I not just as well change the redirect uri when requesting an access token?
Any explanations or examples of how this attack might work, and how sending the redirect_uri when requesting the access token prevents it, are welcome.

Thanks,
Ariel.
