Re: [OAUTH-WG] Scoring OAuth authorization servers on best practices

2023-04-06 Thread Amir Sharif
Hi, As Joseph already mentioned, the oauch tool aims to do that and their results have been published in a paper available here. In addition to OAuch, another example of a tool that can be used for the same purpose is Micro-ID-Gym (MIG) that you

Re: [OAUTH-WG] Scoring OAuth authorization servers on best practices

2023-04-06 Thread Joseph Heenan
Hi It’s not exactly what you asked for, but https://oauch.io/ was aiming to do this - although the online site currently seems to give a 500 error after logging in for me. I’m sure the team behind it were planning to publish the results of the tool, but I can’t remember if they did yet.

[OAUTH-WG] Scoring OAuth authorization servers on best practices

2023-04-06 Thread M Hickford
Has anyone tried scoring how well public OAuth authorization servers follow the best practices described in https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics ? I scored some software forges including GitHub, GitLab, BitBucket on a subset of best practices