Completed
Attack data flow sequence
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Federated Login CSRF
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Quick Recap - Federated Login
- 3 Additional CSRF Scenarios
- 4 OAuth Code Grant Flow
- 5 Recommended State parameter
- 6 OpenID connect login flow
- 7 Risk in the current scenario
- 8 Recommended Parameter from OpenID Connect Spec
- 9 Federated Login CSRF (Pre-Conditions)
- 10 Attacker configuration
- 11 Attack data flow sequence
- 12 Risks
- 13 Demo
- 14 Mitigation 1: Show a 2nd Consent dialog before linking identities
- 15 Conclusions