MSC09-J. For OAuth, ensure (a) [relying party receiving user's ID in last step] is same as (b) [relying party the access token was granted to].

Under Construction

This guideline is under construction.

For OAuth, ensure the relying party receiving the user's ID in the last protocol step is the same as the relying party that the access token was granted to.

Noncompliant Code Example

This noncompliant code example shows an application that

TBD

Compliant Solution

In this compliant solution the application

TBD

Risk Assessment

Rule	Severity	Likelihood	Detectable	Repairable	Priority	Level
DRD26-J	Medium	Probable	No	No	P4	L3

Automated Detection

Bibliography

[Chen 2014]	OAuth Demystified for Mobile Application Developers
[IETF OAuth1.0a]	Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.
[IETF OAuth2.0]	Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.

Space shortcuts

Page tree

Noncompliant Code Example

Compliant Solution

Risk Assessment

Automated Detection

Bibliography