gadgetmies/oauth2-tester issues and pull requests

#29 - Verify that the server redirects with correct error when using wrong PKCE parameters

Issue - State: open - Opened by gadgetmies almost 4 years ago

#28 - Assert scopes on consent page

Issue - State: open - Opened by gadgetmies almost 4 years ago

#27 - Make sure the tests treat missing / invalid redirect_uri correctly

Issue - State: open - Opened by gadgetmies almost 4 years ago

#26 - CORS header validation

Issue - State: open - Opened by gadgetmies almost 4 years ago

#25 - Verify that the server does not add a trailing slash after origin if it is not in the redirect_uri

Issue - State: open - Opened by gadgetmies almost 4 years ago
Labels: nice to have

#24 - Ensure endpoint query is retained

Issue - State: open - Opened by gadgetmies almost 4 years ago

#23 - PKCE access token does not contain refresh token

Issue - State: open - Opened by gadgetmies almost 4 years ago

#22 - 4.4.1.11. Threat: DoS Attacks That Exhaust Resources

Issue - State: open - Opened by gadgetmies almost 4 years ago

#21 - 4.4.1.8. Threat: CSRF Attack against redirect-uri

Issue - State: open - Opened by gadgetmies almost 4 years ago

#20 - 4.1.4. Threat: End-User Credentials Phished Using Compromised or Embedded Browser

Issue - State: open - Opened by gadgetmies almost 4 years ago

#19 - Verify authorization code, access token and refresh token expiration

Issue - State: open - Opened by gadgetmies almost 4 years ago

#18 - Verify that a non absolute redirect_uri is not allowed

Issue - State: open - Opened by gadgetmies almost 4 years ago

#17 - Verify that the server discards fragment from redirect

Issue - State: open - Opened by gadgetmies almost 4 years ago

#16 - Authorization code request without redirect uri

Issue - State: open - Opened by gadgetmies almost 4 years ago

#15 - Test different scopes in different requests

Issue - State: open - Opened by gadgetmies almost 4 years ago

#14 - Verify token_type

Issue - State: open - Opened by gadgetmies almost 4 years ago

#13 - Test incorrect grant_types

Issue - State: open - Opened by gadgetmies almost 4 years ago

#12 - Implement tests according to the "OAuth 2.0 Threat Model and Security Considerations"

Issue - State: open - Opened by gadgetmies almost 4 years ago

#11 - Verify state handling

Issue - State: open - Opened by gadgetmies almost 4 years ago

#10 - Separate tests from suite registration

Issue - State: open - Opened by gadgetmies almost 4 years ago

#9 - Add references to the specification for the test suites and cases

Issue - State: open - Opened by gadgetmies almost 4 years ago

#8 - Remove code duplication in setup functions

Issue - State: open - Opened by gadgetmies almost 4 years ago

#7 - Verify error fields in response body when the user agent is not redirected

Issue - State: open - Opened by gadgetmies almost 4 years ago

#6 - Implement support for client credentials grant

Issue - State: open - Opened by gadgetmies almost 4 years ago

#5 - Implement support for password grant

Issue - State: open - Opened by gadgetmies almost 4 years ago

#4 - Implement support for implicit grant

Issue - State: open - Opened by gadgetmies almost 4 years ago

#3 - Add option to skip tests

Issue - State: open - Opened by gadgetmies almost 4 years ago

#2 - Add support for conditional validations

Issue - State: open - Opened by gadgetmies almost 4 years ago

#1 - Test revokation of access tokens granted for authorization code if authorization code is reused

Issue - State: open - Opened by gadgetmies almost 4 years ago

Ecosyste.ms: Issues

GitHub / gadgetmies/oauth2-tester issues and pull requests

#29 - Verify that the server redirects with correct error when using wrong PKCE parameters

#28 - Assert scopes on consent page

#27 - Make sure the tests treat missing / invalid redirect_uri correctly

#26 - CORS header validation

#25 - Verify that the server does not add a trailing slash after origin if it is not in the redirect_uri

#24 - Ensure endpoint query is retained

#23 - PKCE access token does not contain refresh token

#22 - 4.4.1.11. Threat: DoS Attacks That Exhaust Resources

#21 - 4.4.1.8. Threat: CSRF Attack against redirect-uri

#20 - 4.1.4. Threat: End-User Credentials Phished Using Compromised or Embedded Browser

#19 - Verify authorization code, access token and refresh token expiration

#18 - Verify that a non absolute redirect_uri is not allowed

#17 - Verify that the server discards fragment from redirect

#16 - Authorization code request without redirect uri

#15 - Test different scopes in different requests

#14 - Verify token_type

#13 - Test incorrect grant_types

#12 - Implement tests according to the "OAuth 2.0 Threat Model and Security Considerations"

#11 - Verify state handling

#10 - Separate tests from suite registration

#9 - Add references to the specification for the test suites and cases

#8 - Remove code duplication in setup functions

#7 - Verify error fields in response body when the user agent is not redirected

#6 - Implement support for client credentials grant

#5 - Implement support for password grant

#4 - Implement support for implicit grant

#3 - Add option to skip tests

#2 - Add support for conditional validations

#1 - Test revokation of access tokens granted for authorization code if authorization code is reused