Covert OAuth Redirects and Perverse Incentives

Covert redirect is a structural vulnerability in OAuth-based protocols. It was widely publicized in early May. Identity and security experts had long known about, but don’t have an  easy fix. Once the media learned covert redirect isn’t as serious… Continue reading →