Federated Login CSRF

OWASP Foundation via YouTube

Quick Recap - Federated Login

2 of 15

YouTube videos curated by Class Central.

Classroom Contents

Federated Login CSRF

  1. Intro
  2. Quick Recap - Federated Login
  3. Additional CSRF Scenarios
  4. OAuth Code Grant Flow
  5. Recommended State parameter
  6. OpenID Connect login flow
  7. Risk in the current scenario
  8. Recommended Parameter from OpenID Connect Spec
  9. Federated Login CSRF (Pre-Conditions)
  10. Attacker configuration
  11. Attack data flow sequence
  12. Risks
  13. Demo
  14. Mitigation 1: Show a 2nd Consent dialog before linking identities
  15. Conclusions
