00 — Overview
OAuth 2.0 Attacks
Learn how OAuth authorization flows break under redirect_uri manipulation, missing state parameters, and authorization code interception.
Intermediate · 50 min · 5 tasks
// By the end of this module
→ Understand the OAuth 2.0 authorisation code flow end to end
→ Exploit open redirects in redirect_uri to steal authorisation codes
→ Perform CSRF on the OAuth callback to link attacker accounts
→ Abuse the implicit flow and token leakage via referrer headers
