Chapter 10. Common OAuth token vulnerabilities

This chapter covers

  • What a bearer token is and how to safely generate it
  • Managing the risk of using bearer tokens
  • Safely protecting bearer tokens
  • What an authorization code is and how to safely handle it

In the previous chapters, we’ve analyzed implementation vulnerabilities that affected all the actors of an OAuth deployment: clients, protected resources, and authorization servers. Most of the attacks we’ve seen had a single purpose: to steal an access token (or an authorization code used to get an access token). In this chapter, we go deeper into what it takes to create good access tokens and authorization codes, and what we can do to minimize the risks while handling them. We’re going to look ...
