Good afternoon.

Today I will not tell you about the typical vulnerabilities in OAuth: a missing CSRF check (no state parameter), a redirect_uri that can be changed, and so on. You can easily find all of that on the Internet, because many articles have been written about it.
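For readers who want the baseline the author is setting aside, here is an added example (not code from the original post or from any project it mentions) of the two standard client-side checks just named: binding a random state value to the session so the callback cannot be forged cross-site, and accepting only an exactly registered redirect_uri. The provider endpoint, client id and URIs are constructed placeholders, not ok.ru's real values.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical provider endpoint and client registration (constructed for this
# example; they are not the real endpoints of any provider).
AUTHORIZE_ENDPOINT = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
# Exact-match allowlist of the redirect URIs registered with the provider.
# Prefix or substring matching is what lets an attacker change redirect_uri.
REGISTERED_REDIRECT_URIS = {"https://app.example/oauth/callback"}


def build_authorization_url(session: dict, redirect_uri: str) -> str:
    """Start the flow: refuse any redirect_uri that is not exactly one we
    registered, then bind a fresh random state to the user's session."""
    if redirect_uri not in REGISTERED_REDIRECT_URIS:
        raise ValueError("redirect_uri is not registered")
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    session["oauth_redirect_uri"] = redirect_uri
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Finish the flow after the provider redirected the browser back to us.
    Returns the authorization code only if the request landed on the
    redirect_uri we started the flow with and the state matches the one bound
    to this session (the CSRF check). The state is consumed on first use so a
    replayed callback fails. Raises on any mismatch."""
    parts = urlsplit(callback_url)
    landed_on = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if landed_on != session.get("oauth_redirect_uri"):
        raise PermissionError("callback arrived at an unexpected redirect_uri")
    params = parse_qs(parts.query)
    expected_state = session.pop("oauth_state", None)
    received_state = params.get("state", [""])[0]
    # Constant-time comparison; an empty or missing expected state always fails.
    if not expected_state or not hmac.compare_digest(expected_state, received_state):
        raise PermissionError("state mismatch: possible login CSRF")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


if __name__ == "__main__":
    sess = {}
    url = build_authorization_url(sess, "https://app.example/oauth/callback")
    print("redirect the user to:", url)
    # Simulated provider callback carrying the same state back.
    cb = f"https://app.example/oauth/callback?code=demo-code&state={sess['oauth_state']}"
    print("authorization code:", handle_callback(sess, cb))
```

The session dict stands in for whatever server-side session store the application uses; the important properties are that the state is unguessable, tied to one browser session, compared in constant time and used only once, and that redirect_uri is matched as a whole string rather than by prefix.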

I want to tell you about a feature that I very often encounter in popular private programs. I want to say right away that you should have at least a basic understanding of OAuth.

Sorry in advance for my English.

So, let’s say you have OAuth on your project.


As you can see, this project uses authorization via ok.ru (a popular Russian social network). …

VipItHunter
