Code phishing attack on OAuth 2.0 [RFC6749]

A code phishing attack is one in which the adversary obtains the code and client credentials from the legitimate client and uses them against the honest token endpoint to obtain tokens, thereby accessing the protected resources illegitimately.

Assumptions

Not many assumptions are needed for this attack. The client and the server …