OAuth Redirect URI Test

A relatively common OAuth and OpenID Connect implementation flaw is to allow arbitrary schemes for the redirect_uri parameter within the Auth. Request. This enables CSRF-style credential disclosure attacks using custom URL schemes for native applications.

This simple demo application registers the URL scheme com.test.test:// and prompts received data on activation via Intent.

Example:

Install Application (either from source or via the Play Store: https://play.google.com/store/apps/details?id=com.lauritz.oauthredirecturitest).
Click the following link: com.test.test://example.com/callback?code=test#access_token=test2

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
.idea		.idea
app		app
gradle/wrapper		gradle/wrapper
.gitignore		.gitignore
README.md		README.md
build.gradle		build.gradle
gradle.properties		gradle.properties
gradlew		gradlew
gradlew.bat		gradlew.bat
oauth_test_app_featured.png		oauth_test_app_featured.png
oauth_test_app_featured.xcf		oauth_test_app_featured.xcf
oauth_test_app_icon.png		oauth_test_app_icon.png
oauth_test_app_icon.xcf		oauth_test_app_icon.xcf
settings.gradle		settings.gradle

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

OAuth Redirect URI Test

Example:

About

Releases

Packages

Languages

lauritzh/OAuth-RedirectURI-Android-App

Folders and files

Latest commit

History

Repository files navigation

OAuth Redirect URI Test

Example:

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages