OAuth 2.0 Hack
I have been pecking away at building an online service for the last year. I spent three months just getting the OAuth implementation functional (I couldn’t use an existing implementation). I still wasn’t satisfied.
Then I read this. Twice.
Win for me… I think I was actually vaguely aware of this and covered the risk. So I think I’m ok.
- I intentionally took measures that cover the described scenario
- I don’t store anything that should be considered private
Maybe I’ll read it again just to be sure.
OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking