gadgetmies / oauth2-tester Public

Notifications You must be signed in to change notification settings
Fork 0
Star 1

Code
Issues 29
Pull requests
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

Issues: gadgetmies/oauth2-tester

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

29 Open 0 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Verify that the server redirects with correct error when using wrong PKCE parameters

#29 opened Jan 11, 2021 by gadgetmies

Assert scopes on consent page

#28 opened Jan 10, 2021 by gadgetmies

Make sure the tests treat missing / invalid redirect_uri correctly

#27 opened Jan 10, 2021 by gadgetmies

CORS header validation

#26 opened Jan 10, 2021 by gadgetmies

Verify that the server does not add a trailing slash after origin if it is not in the redirect_uri nice to have

#25 opened Jan 10, 2021 by gadgetmies

Ensure endpoint query is retained

#24 opened Jan 10, 2021 by gadgetmies

PKCE access token does not contain refresh token

#23 opened Jan 10, 2021 by gadgetmies

4.4.1.11. Threat: DoS Attacks That Exhaust Resources

#22 opened Jan 10, 2021 by gadgetmies

4.4.1.8. Threat: CSRF Attack against redirect-uri

#21 opened Jan 10, 2021 by gadgetmies

4.1.4. Threat: End-User Credentials Phished Using Compromised or Embedded Browser

#20 opened Jan 10, 2021 by gadgetmies

Verify authorization code, access token and refresh token expiration

#19 opened Jan 10, 2021 by gadgetmies

Verify that a non absolute redirect_uri is not allowed

#18 opened Jan 10, 2021 by gadgetmies

Verify that the server discards fragment from redirect

#17 opened Jan 10, 2021 by gadgetmies

Authorization code request without redirect uri

#16 opened Jan 10, 2021 by gadgetmies

Test different scopes in different requests

#15 opened Jan 10, 2021 by gadgetmies

Verify token_type

#14 opened Jan 10, 2021 by gadgetmies

Test incorrect grant_types

#13 opened Jan 10, 2021 by gadgetmies

Implement tests according to the "OAuth 2.0 Threat Model and Security Considerations"

#12 opened Jan 10, 2021 by gadgetmies

Verify state handling

#11 opened Jan 10, 2021 by gadgetmies

Separate tests from suite registration

#10 opened Jan 10, 2021 by gadgetmies

Add references to the specification for the test suites and cases

#9 opened Jan 10, 2021 by gadgetmies

Remove code duplication in setup functions

#8 opened Jan 10, 2021 by gadgetmies

Verify error fields in response body when the user agent is not redirected

#7 opened Jan 10, 2021 by gadgetmies

Implement support for client credentials grant

#6 opened Jan 10, 2021 by gadgetmies

Implement support for password grant

#5 opened Jan 10, 2021 by gadgetmies

Previous 1 2 Next

Previous Next

ProTip! Exclude everything labeled bug with -label:bug.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly