SF: 10. security consideration for request_uri needed

Issue #65 resolved
Nat Sakimura repo owner created an issue

section 10: Is there nothing to be said about the new indirection caused by the request_uri? I'd have thought there were some corner cases that'd warrant a mention, e.g. if some kind of deadlock or looping could happen, or if one client (in OAuth terms) could use a request_uri value as a way to attempt attacks (to be assisted by an innocent browser) against some resource owner.

Comments (1)

  1. Log in to comment