Provided by: SecurityTube.net
Many Online Social Networks (OSNs) are using OAuth 2.0 to grant access to API endpoints now-a-days. Despite many thorough threat model analyses (e.g. RFC6819), only a few real world attacks have been discovered and demonstrated. To the presenter's knowledge, previously discovered loopholes are all based on the misuse of OAuth.