mattrglobal / draft-looker-oauth-client-id-scheme

Add a security consideration around trusting metadata elements that describe the client's identity #10

Open tplooker opened 1 year ago

tplooker commented 1 year ago

As highlighted by Torsten, attributes like client_name and client_logo that are present in the client's metadata can be a source of possible impersonation if the AS places false trust in this information. The existing security consideration around impersonation should be expanded to highlight this.

karthiknz commented 1 year ago

I believe this is a duplicate of issue #17, which covers a broader context.