gadgetmies/oauth2-tester

Issues

• Verify that the server redirects with correct error when using wrong PKCE parameters

  #29 opened 4 years ago
  0

• Assert scopes on consent page

  #28 opened 4 years ago
  0

• Make sure the tests treat missing / invalid redirect_uri correctly

  #27 opened 4 years ago
  0

• CORS header validation

  #26 opened 4 years ago
  0

• Verify that the server does not add a trailing slash after origin if it is not in the redirect_uri

  #25 opened 4 years ago
  0

• Ensure endpoint query is retained

  #24 opened 4 years ago
  0

• PKCE access token does not contain refresh token

  #23 opened 4 years ago
  0

• 4.4.1.11. Threat: DoS Attacks That Exhaust Resources

  #22 opened 4 years ago
  0

• 4.4.1.8. Threat: CSRF Attack against redirect-uri

  #21 opened 4 years ago
  0

• 4.1.4. Threat: End-User Credentials Phished Using Compromised or Embedded Browser

  #20 opened 4 years ago
  0

• Verify authorization code, access token and refresh token expiration

  #19 opened 4 years ago
  0

• Verify that a non absolute redirect_uri is not allowed

  #18 opened 4 years ago
  0

• Verify that the server discards fragment from redirect

  #17 opened 4 years ago
  0

• Authorization code request without redirect uri

  #16 opened 4 years ago
  0

• Test different scopes in different requests

  #15 opened 4 years ago
  0

• Verify token_type

  #14 opened 4 years ago
  0

• Test incorrect grant_types

  #13 opened 4 years ago
  0

• Implement tests according to the "OAuth 2.0 Threat Model and Security Considerations"

  #12 opened 4 years ago
  0

• Verify state handling

  #11 opened 4 years ago
  0

• Separate tests from suite registration

  #10 opened 4 years ago
  0

• Add references to the specification for the test suites and cases

  #9 opened 4 years ago
  0

• Remove code duplication in setup functions

  #8 opened 4 years ago
  0

• Verify error fields in response body when the user agent is not redirected

  #7 opened 4 years ago
  0

• Implement support for client credentials grant

  #6 opened 4 years ago
  0

• Implement support for password grant

  #5 opened 4 years ago
  0

• Implement support for implicit grant

  #4 opened 4 years ago
  0

• Add option to skip tests

  #3 opened 4 years ago
  0

• Add support for conditional validations

  #2 opened 4 years ago
  0

• Test revokation of access tokens granted for authorization code if authorization code is reused

  #1 opened 4 years ago
  0