[mitreid-connect] Suspicious behaviour when invalid redirect uri is detected?

Luiz Omori luiz.omori at duke.edu
Thu Dec 1 11:32:21 EST 2016


Hi,

Interesting thing happened this morning while testing an application. I was using the Implicit flow and put a redirect url that hadn’t been configured in the server yet. The proper error message was displayed but I’ve noticed that my name was displayed on the top-right corner and I could access some features from the server as if I was logged in to it. Is this expected? I was kind of expecting that upon error my login would be aborted.

Regards,
Luiz

(Pictures removed...)