  • Huzaifa Muhammad https://twitter.com/huzayyfah   •   Dec 23
    In situations where an introspection endpoint is left open and un-throttled, how can a researcher exploit such a vulnerability? I could not find such stuff with a Google search.
    Aaron Parecki
    The main threat is token scanning attacks, but there isn't much difference between scanning the introspection endpoint or a resource server at that point. That said, the introspection endpoint is supposed to require authentication according to https://tools.ietf.org/html/rfc7662#section-4
    Portland, Oregon • 41°F
    Wed, Dec 23, 2020 11:33am -08:00
    1 like 2 replies
    • Huzaifa Muhammad twitter.com/huzayyfah
      Hi Aaron. I came across a client using a redirect URI like this: redirect_uri=storageRelay//https:// and I was unable to see their auth code. Are they hiding their code?
      Wed, Dec 30, 2020 8:13am +00:00 (via brid-gy.appspot.com)
    • Huzaifa Muhammad twitter.com/huzayyfah
      Sometimes you need to craft a payload in an iframe so that when a victim clicks you get his leaked code. Do I need a server where I get notified that the victim has clicked my malicious payload? And any idea about how to build such a server? I couldn't get that with a Google search.
      Fri, Dec 25, 2020 1:33pm +00:00 (via brid-gy.appspot.com)
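Aaron's reply points at RFC 7662's requirement that whoever calls the introspection endpoint must authenticate, and its security considerations add that an unprotected, un-throttled endpoint lets an attacker guess tokens. The handler below is an added example, not code from this post or from any project mentioned here: it authenticates the calling resource server with HTTP Basic credentials, applies a per-caller sliding-window throttle, and gives unknown, revoked and expired tokens an identical `{"active": false}` answer so the response carries no extra signal. The RESOURCE_SERVERS table, the token values and the 429 "rate_limited" body are constructed for the example.

```python
import base64
import hmac
from collections import defaultdict, deque
# Constructed sample data (hypothetical): registered resource servers and issued tokens.
RESOURCE_SERVERS = {"rs-photos": "rs-photos-secret"}  # caller id -> shared secret
TOKENS = {"tok-abc": {"active": True, "scope": "read", "client_id": "app1", "exp": 4102444800},
          "tok-old": {"active": False}}  # the second token is revoked
RATE_LIMIT, WINDOW_SECONDS = 5, 60  # introspection calls allowed per caller per window
_hits = defaultdict(deque)  # caller id -> timestamps of its recent calls

def basic_auth_header(caller_id, secret):  # header a resource server sends; also used by tests
    return {"Authorization": "Basic " + base64.b64encode(f"{caller_id}:{secret}".encode()).decode()}

def _authenticate(headers):
    # Return the caller id when HTTP Basic credentials match a registered resource server.
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        caller, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return None
    expected = RESOURCE_SERVERS.get(caller)
    if expected is None or not hmac.compare_digest(secret.encode(), expected.encode()):
        return None
    return caller

def _throttled(caller, now):
    # Sliding window: True once the caller has made RATE_LIMIT calls within WINDOW_SECONDS.
    recent = _hits[caller]
    while recent and recent[0] <= now - WINDOW_SECONDS:
        recent.popleft()
    if len(recent) >= RATE_LIMIT:
        return True
    recent.append(now)
    return False

def introspect(headers, form, now):
    """Handle POST /introspect at unix time `now`; returns (http_status, json_body)."""
    caller = _authenticate(headers)
    if caller is None:  # RFC 7662 section 2.1: the caller must authenticate
        return 401, {"error": "invalid_client"}
    if _throttled(caller, now):  # the 429 body is this example's choice, not from RFC 7662
        return 429, {"error": "rate_limited"}
    info = TOKENS.get(form.get("token", ""))
    if not info or not info["active"] or info.get("exp", 0) <= now:
        return 200, {"active": False}  # unknown, revoked and expired tokens look identical
    return 200, dict(info)
```

Failed authentication is rejected before the token is even looked at, so an unauthenticated caller learns nothing about which token values exist.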
Posted in /replies using monocle.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.