‘OAuth 2.0 Redirect URI Validation Falls Short, Literally’

by

“OAuth 2.0 requires a complex redirection trail between websites and Identity Providers (IdPs). In particular, the ‘redirect URI’ parameter included in the popular Authorization Grant Code flow governs the callback endpoint that users are routed to, together with their security tokens. The protocol specification, therefore, includes guidelines on protecting the integrity of the redirect URI. … We analyze the OAuth 2.0 specification in light of modern systems-centric attacks and reveal that the prescribed redirect URI validation guidance exposes IdPs to path confusion and parameter pollution attacks.”

Find the paper and authors list in the 39th Annual Computer Security Applications Conference proceedings.

View on Site: ‘OAuth 2.0 Redirect URI Validation Falls Short, Literally’
,

Related

Conferences and Events August 26, 2025

NSF grant awarded for adaptive clothing
Conferences and Events May 14, 2025

Patent for ‘lightweight pose estimation network’ goes to Fu
Conferences and Events February 4, 2025

DARPA grant to enhance mixed reality security
Conferences and Events August 15, 2025

Patents for experimental virtual reality methods
Conferences and Events July 18, 2025

Patent for efficient computation
Conferences and Events June 12, 2025

‘Human Mobility Is Well Described by Closed-Form Gravity-Like Models Learned Automatically from Data’
Conferences and Events June 26, 2025

‘Foundations of Scalable Systems’
Conferences and Events March 10, 2025

‘Network Coding for Engineers’
Conferences and Events March 5, 2025

‘Practical Business Analytics Using R and Python’