Completed
Federated Login CSRF (Pre-Conditions)
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Federated Login CSRF
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Quick Recap - Federated Login
- 3 Additional CSRF Scenarios
- 4 OAuth Code Grant Flow
- 5 Recommended State parameter
- 6 OpenID connect login flow
- 7 Risk in the current scenario
- 8 Recommended Parameter from OpenID Connect Spec
- 9 Federated Login CSRF (Pre-Conditions)
- 10 Attacker configuration
- 11 Attack data flow sequence
- 12 Risks
- 13 Demo
- 14 Mitigation 1: Show a 2nd Consent dialog before linking identities
- 15 Conclusions