DulRu

OAuth is a commonly used standard by many application developers. It specifies a process for resource owners to authorize third parties access to their server resources without sharing their credentials.  Clients use the access token to grant access to the protected user data. The process that the client grant the access token is known as grant type. 1)Authorization code grant type Figure 1  Can use to obtain both access token and refresh tokens.The flow of authorization code grant type is as follows.When user authorize the third party app to access data, the app request for authorization  .  Then the authorization server authenticates the resource owner.The access token is sent to client application as the response. The client app request for the access token, using the authorization code. The client app get receive the access token as the respones.  2)      Implicit grant type Figure 2    Client is not a...

T hese attacks could occur due to the vulnerabilities of the code of the web applications. In these attacks attacker forces the browser to make unauthorized requests, behalf of the user.  This can be explained as follows ,          The user logs in to a web page and login to that page using his user credentials, assume that this web page is vulnerable to cross site request forgery.          Then the user visits a web site without knowing the page is maintained by an attacker. This site contains CSRF attacks.        When the script gets executed, the user’s browser make request to the that vulnerable website. There are some mitigation methods we can use to prevent the CSRF attacks,              1.   Synchronizer token pattern.             2.  Double submit cookie pattern. Let’s look at the implementation of these two m...