New Phishing Attacks Exploiting OAuth Authentication Flows (Part 3)
This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. In Part 1 of this series, we provided an overview of OAuth 2.0 and two of its authorization flows, the authorization code grant and the device authorization grant. In Part 2 of this series, we described how a phishing attack could be carried out by exploiting the device authorization grant flow.