Simuna Infosec
Technical

OAuth 2.0 and OpenID Connect Security Testing for Spanish-speaking companies

OAuth and OIDC power modern authentication flows. This page outlines common implementation flaws and how to test for them, with guidance for the Spanish-speaking (ES) market.

OAuth 2.0 and OpenID Connect are the dominant protocols for delegated authorisation and authentication. Common implementation flaws include: open redirect vulnerabilities in callback URLs, CSRF in the authorisation flow, token leakage through browser history or referrer headers, insufficient scope validation, token lifetime and revocation issues, and PKCE bypass in public clients. Testing evaluates the complete flow from authorisation request through token issuance to resource access.
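The checks below illustrate, from the server and client side, the controls whose absence produces three of the flaws listed above: exact redirect_uri matching (open redirect in the callback), a session-bound state parameter (CSRF in the authorisation flow), and mandatory S256 PKCE with single-use codes (PKCE bypass in public clients). This is an added example written for this page, not Simuna Infosec's tooling; the client registration, the in-memory code store and the `demo-client` identifier are constructed assumptions, and the flow is reduced to the validation logic (no HTTP, no user consent step).

```python
import base64
import hashlib
import secrets
from urllib.parse import urlsplit

# Constructed sample registration (not real data). A client may only use
# redirect URIs listed here, and they are compared by exact string match.
REGISTERED_CLIENTS = {
    "demo-client": {
        "redirect_uris": {"https://app.example.com/callback"},
        "public": True,  # public client: PKCE with S256 is required
    },
}

# In-memory store of issued authorization codes (stand-in for a database).
_ISSUED_CODES = {}


def redirect_uri_allowed(client_id, redirect_uri):
    """Exact-match check against the registered redirect URIs.

    Prefix, wildcard or 'starts with' matching is how open redirects creep
    into callback handling; non-https schemes and fragments are rejected too.
    """
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None:
        return False
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.fragment:
        return False
    return redirect_uri in client["redirect_uris"]


def pkce_challenge(code_verifier):
    """S256 transform from RFC 7636: BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorize(client_id, redirect_uri, state, code_challenge, code_challenge_method):
    """Authorization endpoint logic. Returns (code, None) or (None, error)."""
    if not redirect_uri_allowed(client_id, redirect_uri):
        # Never redirect to an unregistered URI, not even to report the error.
        return None, "invalid_redirect_uri"
    if not state:
        # state binds the response to the client's session (CSRF defence).
        return None, "missing_state"
    if REGISTERED_CLIENTS[client_id]["public"]:
        # No downgrade: only S256 is accepted; 'plain' or a missing challenge fails.
        if code_challenge_method != "S256" or not code_challenge:
            return None, "pkce_required"
    code = secrets.token_urlsafe(32)
    _ISSUED_CODES[code] = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_challenge": code_challenge,
    }
    return code, None


def exchange_code(code, client_id, redirect_uri, code_verifier):
    """Token endpoint logic. Returns (access_token, None) or (None, error)."""
    record = _ISSUED_CODES.pop(code, None)  # single use: a replayed code fails
    if record is None:
        return None, "invalid_grant"
    if record["client_id"] != client_id or record["redirect_uri"] != redirect_uri:
        return None, "invalid_grant"
    if not (43 <= len(code_verifier) <= 128):  # RFC 7636 verifier length
        return None, "invalid_grant"
    if not secrets.compare_digest(pkce_challenge(code_verifier), record["code_challenge"]):
        return None, "invalid_grant"
    return secrets.token_urlsafe(32), None


def client_callback_ok(session_state, returned_state):
    """Client-side CSRF check: the state echoed in the callback must equal the
    value stored in the user's session before the redirect was issued."""
    if not session_state or not isinstance(returned_state, str):
        return False
    return secrets.compare_digest(session_state, returned_state)


def run_demo():
    """Walk one complete flow plus the failure cases the checks are there for."""
    verifier = secrets.token_urlsafe(48)  # 64 chars, inside the 43..128 range
    challenge = pkce_challenge(verifier)
    state = secrets.token_urlsafe(16)
    good_uri = "https://app.example.com/callback"
    results = {}

    # A callback URI that merely shares the registered prefix must be refused.
    _, err = authorize("demo-client", good_uri + ".evil.example", state, challenge, "S256")
    results["prefix_redirect_rejected"] = err == "invalid_redirect_uri"

    # A public client asking for the 'plain' method must be refused.
    _, err = authorize("demo-client", good_uri, state, challenge, "plain")
    results["plain_pkce_rejected"] = err == "pkce_required"

    # Happy path: authorize, verify state at the client, exchange the code.
    code, _ = authorize("demo-client", good_uri, state, challenge, "S256")
    results["callback_state_ok"] = client_callback_ok(state, state)
    token, err = exchange_code(code, "demo-client", good_uri, verifier)
    results["token_issued"] = token is not None and err is None

    # Replaying the same code must fail.
    _, err = exchange_code(code, "demo-client", good_uri, verifier)
    results["replay_rejected"] = err == "invalid_grant"
    return results


if __name__ == "__main__":
    print(run_demo())
```

When testing a real deployment, each of these checks maps to a probe: submit a redirect_uri that differs from the registered value only by suffix, path or scheme; drop or alter the state on the callback; send `code_challenge_method=plain` or omit PKCE entirely for a public client; and resend an already-used authorization code. A server that accepts any of them has the corresponding flaw.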