Prevent mixup attacks
tanguilp opened this issue · 0 comments
tanguilp commented
https://danielfett.de/2020/05/04/mix-up-revisited/
https://tools.ietf.org/html/draft-ietf-oauth-security-topics-15#section-4.4
The easiest and most secure way is probably to have one redirect URI per issuer, for instance: `https://my-rp.com/openid_connect_redirect_uri/https%3A%2F%2Frepentant-brief-fishingcat.gigalixirapp.com`.
A mix task would be welcome to print the redirect URI for use by the end-developer.
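The per-issuer redirect URI idea above, worked through as an added example (this is not the library's own Elixir code; it is illustrative Python written for this page). It builds the redirect URI by percent-encoding the whole issuer into one path segment, and at callback time recovers that issuer from the path and compares it with the issuer the flow was started with, which the RP stored in session keyed by `state`. `REDIRECT_BASE` is taken from the issue; `redirect_uri_for`, `issuer_from_callback_path`, `handle_callback`, `MixUpError`, the `pending` map and the `https://attacker.example` issuer are assumptions made for the example.

```python
"""Per-issuer redirect URIs as a mix-up defence (illustrative, not the library's code).
Hypothetical names: REDIRECT_BASE, redirect_uri_for, issuer_from_callback_path,
handle_callback, MixUpError."""
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Base taken from the issue; the issuer is appended as one percent-encoded path segment.
REDIRECT_BASE = "https://my-rp.com/openid_connect_redirect_uri/"


class MixUpError(Exception):
    """Callback arrived on a redirect URI that belongs to a different issuer
    than the one the authorization request was sent to."""


def redirect_uri_for(issuer: str) -> str:
    """Redirect URI to register at `issuer`. safe="" also encodes ':' and '/',
    so the issuer occupies exactly one path segment."""
    return REDIRECT_BASE + quote(issuer, safe="")


def issuer_from_callback_path(path: str) -> str:
    """Recover the issuer from the path of an incoming callback."""
    prefix = urlsplit(REDIRECT_BASE).path
    if not path.startswith(prefix):
        raise ValueError("not an OpenID Connect redirect URI")
    segment = path[len(prefix):]
    if not segment or "/" in segment:
        raise ValueError("issuer must be a single path segment")
    return unquote(segment)


def handle_callback(callback_url: str, pending: dict) -> dict:
    """Validate an authorization response before the code is redeemed.

    `pending` maps the `state` of each in-flight request to the issuer that
    request was sent to (session data written when the flow was started).
    """
    parts = urlsplit(callback_url)
    params = parse_qs(parts.query)
    state = params.get("state", [None])[0]
    code = params.get("code", [None])[0]
    if state is None or code is None:
        raise ValueError("missing state or code")
    # Unknown or already-consumed state: CSRF or replay, stop here.
    expected_issuer = pending.pop(state, None)
    if expected_issuer is None:
        raise ValueError("unknown state")
    path_issuer = issuer_from_callback_path(parts.path)
    if path_issuer != expected_issuer:
        # The response came through the redirect URI registered at another
        # issuer than the one this flow was started with: classic mix-up.
        raise MixUpError(f"started with {expected_issuer}, response for {path_issuer}")
    # Only now is it safe to send `code` to expected_issuer's token endpoint.
    return {"issuer": expected_issuer, "code": code}


def demo() -> tuple:
    """Constructed scenario: an honest flow is accepted, a mix-up is rejected."""
    honest = "https://repentant-brief-fishingcat.gigalixirapp.com"  # issuer from the issue
    attacker = "https://attacker.example"                           # constructed issuer

    # Honest flow: started with `honest`, response arrives on honest's URI.
    pending = {"state-1": honest}
    ok = handle_callback(redirect_uri_for(honest) + "?code=c1&state=state-1", pending)
    honest_accepted = ok["issuer"] == honest

    # Mix-up: the RP started the flow with the attacker's AS, which bounced the
    # user on to the honest AS. The honest AS redirects only to the URI registered
    # there, so the code lands on honest's per-issuer URI while the pending state
    # says the flow belongs to the attacker.
    pending = {"state-2": attacker}
    try:
        handle_callback(redirect_uri_for(honest) + "?code=c2&state=state-2", pending)
        mixup_rejected = False
    except MixUpError:
        mixup_rejected = True
    return honest_accepted, mixup_rejected


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The defence only holds if every issuer the RP is registered with enforces exact matching of the registered redirect URI; an AS that accepts prefix or wildcard matches would let an attacker steer the response onto another issuer's path, so the callback check above should be combined with the usual `state` and `nonce` handling rather than replace it.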