PortSwigger Web Academy: Stealing OAuth Tokens Via Open Redirect
Vulnerability Chaining for Account Takeover
Hello, World! This blog post will serve as a walkthrough of PortSwigger’s Web Academy OAuth lab called “Stealing OAuth access tokens via an open redirect.” Let’s go for it!
Glossary
Authorization Server — the server responsible for authenticating the resource owner, obtaining their consent to allow the client application to access resources, and issuing a code (in the authorization code flow) to the client.
Access Token — a randomly generated string that the client application obtains from the authorization server after it has retrieved an authorization code.
Client — the application attempting to gain access to the resource owner's data.
Resource Owner — the entity that owns the protected resource.
Resource Server — the server that hosts the protected resources the client application wants to access. It also validates any credentials that are passed to it by the client application.
Scope — defines the specific resources or actions the client application wants to gain access to.
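Since the lab's title points at how the authorization server handles the redirect target, here is an added Python sketch (my own, not PortSwigger's or the lab's code) that wires the glossary roles together in an authorization code flow; the client id, secret, URIs and protected data are constructed for the example, and the authorization server accepts only an exact match on the registered redirect_uri.

```python
import secrets

# Constructed registration data for this example (not from the lab).
CLIENTS = {"client-app": {"secret": "s3cret", "redirect_uri": "https://client.example/callback"}}
PROTECTED = {"profile": "owner@example (constructed sample)"}

class AuthorizationServer:
    """Authenticates the resource owner, records consent, issues codes and tokens."""
    def __init__(self, clients):
        self.clients, self.codes, self.tokens = clients, {}, {}

    def authorize(self, client_id, redirect_uri, scope, owner_consents):
        """Authorization endpoint: checks the redirect target, then issues a one-time code."""
        client = self.clients.get(client_id)
        # Exact string match against the registered redirect_uri; no prefix or pattern matching
        if client is None or redirect_uri != client["redirect_uri"]:
            raise ValueError("redirect_uri mismatch")
        if not owner_consents:
            raise PermissionError("resource owner denied consent")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, scope)
        return code

    def token(self, client_id, client_secret, code):
        """Token endpoint: exchanges a valid, unused code for an access token."""
        client = self.clients.get(client_id)
        if client is None or client_secret != client["secret"]:
            raise PermissionError("bad client credentials")
        entry = self.codes.pop(code, None)  # pop makes the code single-use
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid or reused code")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (client_id, entry[1])
        return token

class ResourceServer:
    def __init__(self, auth_server, data):
        self.auth_server, self.data = auth_server, data  # hosts the protected data

    def get(self, token, scope):
        """Validates the presented token and its scope before releasing data."""
        entry = self.auth_server.tokens.get(token)
        if entry is None or entry[1] != scope:
            raise PermissionError("invalid token or insufficient scope")
        return self.data[scope]

def run_flow(redirect_uri, owner_consents=True, scope="profile"):
    """Client side: request a code, exchange it for a token, then read the resource."""
    auth = AuthorizationServer(CLIENTS)
    rs = ResourceServer(auth, PROTECTED)
    code = auth.authorize("client-app", redirect_uri, scope, owner_consents)
    token = auth.token("client-app", "s3cret", code)
    return rs.get(token, scope)
```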