Under Construction
This guideline is under construction.
To request OAuth user permission for information from a service provider, present a dialogue box to the user that identifies the relying party's information and the scope of its permissions.
Noncompliant Code Example
This noncompliant code example shows an application that
TBD
Compliant Solution
In this compliant solution the application
TBD
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DRD25-J | Medium | Probable | Medium |
|
|
Automated Detection
Bibliography
[Chen 14] | OAuth Demystified for Mobile Application Developers |
[IETF OAuth1.0a] | Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/. |
[IETF OAuth2.0] | Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749. |