@asanso about oauth open redirects: what is the issue there? e.g. this also works: https://accounts.google.com/o/oauth2/auth?client_id=243086291405-p1p6s7gq8rtijh3g9cppo85rl5pf17gv.apps.googleusercontent.com&response_type=code&scope=openid%20email&redirect_uri=https://thejh.net/&state=security_token%3D138r5719ru3e1%26url%3Dhttps://thejh.net/&prompt=none …
@asanso ah, nevermind. it seems I should read more about the issue before asking stupid questions on twitter. :D
@tehjh usually yes. Said that you might also want to look at http://intothesymmetry.blogspot.ch/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html … :)
@asanso okay, so it's not a fix for a vuln, just hardening under the assumption that this is the only open redirect?